Ip Network Behavior Anomaly Detection Mechanism Based On Catastrophe Theory

With the development of communications and network technology,network information system has became an important basic of a nation. Human can benefit from great revolutions which network information system brings to social civilization,and realize that network information security has became an emergency problem which affects long-term behoof and persists development of a nation. So,as a dynamic security protection technology,anomaly detection system has became an important research field of computer science and techniques. Nowadays, the Catastrophe theory has been used in transportation and construction, but for network and communication field, it is not used. Under such background, our thesis does some innovative research on the anomaly detection model based on catastrophe theory.First, the paper analyses the advantage and the disadvantage of the several anomaly detection methods, then introduces the Catastrophe theory including the research object, Catastrophe characters and the application approachs. Because the catastrophe theory is very important for the construction of the network model, it is the fundament for the model construction and the experiment later.Second, the paper verifies the feasibility of applying the Catastrophe theory to anomaly detection and choose the basis model and application method by theoretics analysis. Then according to the relationship of the network data, it chooses the network data to be the variables for the cusp model. Besides, a novel decision algorithm based on the network anomaly catastrophe model is presented.Finally, in order to verify the catastrophe model for network anomly and the detection algorithm, we build the experiment network in local area network and produce some real network attack , then using the network data obtained by Ethereal ,we set the different proportions of the network data which are used for the model construction and know the influence of the detection rate and the false positive rate because of the different proportions of network data.