Network Traffic Anomaly Detection

Network traffic anomaly refers to the status that traffic behaviors depart from the normal behaviors. With the rapid development of network, the scale and complexity are increasing, network traffic anomalies impact the network performance more often. To detect anomaly rapidly and accurately and to respond to anomaly correctly is one of the precondition of ensuring the efficient network operation. So detection of anomalous traffic is becoming a topic of concern. This paper intends to research a associated analysis method based on network flow signal's time-frequency domain; propose fast S transform algorithm based on sliding window; using S transform, research network traffic anomaly detection method based on a unequal frequency division method.At first, this paper summarizes the network traffic anomaly, introduces the research actuality and relative technologies of anomaly detection in order to give a theoretical basis to research of network traffic anomaly detection method; propose some research clews in this paper.Because of the variety of the network traffic anomalies, they can perform not only in time domain, but also in frequency domain. With the associated analysis on instantaneous frequency which can display characteristics in frequency and instantaneous flow (the instantaneous amplitude of signal) which can display characteristics in time domain, we can detect anomalies roundly and accurately, and decrease the false-alarm probability and false dismissal probability. At last we realize fast network traffic anomalies detection through variance analysis to the traffic signal's instantaneous frequency and instantaneous flow within the historical window and the detecting window, and the simulations prove the method effectively.This paper introduces a linear time-frequency express: S transform which is used to analyze the network flow signal. By putting partial S matrix's elements using sliding window technology, we put forward fast S transform algorithm with a high computing efficiency. By construct a filter in S time-frequency domain, we realize the abstraction of a partial signal in a special frequency interval (point). Aim at the appearance of high-frequency anomalies and low-frequency anomalies in the real network, using S transform , this paper proposes a network traffic anomaly detection method based on a unequal frequency division method. This division method can do a time-frequency composition efficiently. By measuring the variance analysis operation on reconstructed time signals, we can detect the high-frequency anomalies, mid-frequency anomalies as well as low-frequency anomalies, and the double threshold detection method can improve the detecting reliability. The simulations prove the method effectively.