Based On The Dynamic Threshold Of The Network Traffic Anomaly Detection Method And Realization

Posted on: 2011-11-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z K Li
GTID: 2208360308966669
Subject: Computer application technology
Abstract/Summary:
With the development of network technology and the expansion of network scale, network topology and equipment have become increasingly complex, and the number of services running on the network has gradually increased. This not only significantly increases the number of device malfunctions and attacks, but also makes network detection much more challenging. The purpose of network detection is to find an anomaly promptly when it occurs by continuously monitoring the operation of network devices, and to issue an alarm that alerts network managers to take the measures necessary to restore the network. Network anomaly detection is the key component of a network maintenance system. Whether network anomalies can be detected in time is of great significance for increasing the availability and reliability of network services.

This thesis studies methods of network traffic anomaly detection and puts forward solutions to existing problems in setting the anomaly threshold and in building the network traffic model.

First, the thesis studies the threshold-based anomaly detection algorithm, analyzes the static threshold problem, and puts forward an adaptive threshold algorithm based on multi-point anomaly statistics. The algorithm takes into account not only the deviation of the value at the current detection point from normal traffic, but also the influence of the variance of the network traffic. Because a real anomaly can be detected at more than one detection point, the algorithm determines when an anomaly happens according to the multi-point anomaly statistics, and it can dynamically adjust the anomaly threshold to obtain a better defined and quantified traffic anomaly, which lays a good foundation for the subsequent anomaly detection algorithm.

The establishment of the normal network traffic model has a significant impact on the efficiency of the anomaly detection algorithm. The commonly used forecasting model is the regression model. To address the shortcomings of the regression forecasting model for network traffic, this thesis innovatively combines the exponential smoothing model with the wavelet transform. The wavelet transform weakens the random changes in the time series, which creates good conditions for establishing the traffic model. The adaptive triple exponential smoothing model does not need a large amount of historical data to calculate its parameters and can dynamically adjust those parameters over time, which lets it adapt better to the volatility of network traffic and achieve better results.

The choice of which network statistics to gather, that is, which characteristics represent the normal running condition of the network, has a very important impact on the time and space cost and on the precision of the detection results of the anomaly detection algorithm. This thesis therefore puts forward a sketch-based anomaly detection algorithm, which introduces a new KL-based way to measure the difference between the distribution of the normal statistics and that of the anomaly. The algorithm has greater detection ability because it calculates the KL distance of the statistics point by point and uses it to determine whether an anomaly has occurred.
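The adaptive threshold with multi-point anomaly statistics described above can be sketched as follows; this is an added example, not code from the thesis. It substitutes a simple exponentially weighted mean and variance for the thesis's wavelet and exponential smoothing model, and the function name `detect` and all parameter values (`alpha`, `k`, `min_dev`, `window`, `min_hits`, `warmup`) are assumptions.

```python
import math
from collections import deque

def detect(series, alpha=0.3, k=3.0, min_dev=5.0, window=5, min_hits=3, warmup=10):
    """Return (suspicious, alarms): indices that crossed the dynamic threshold,
    and indices where an anomaly is declared from multi-point statistics."""
    mean, var = float(series[0]), 0.0      # running model of normal traffic
    recent = deque(maxlen=window)          # crossings at the last `window` points
    suspicious, alarms = [], []
    for i in range(1, len(series)):
        x = series[i]
        # Threshold follows the traffic variance; min_dev stops it collapsing
        # to zero on very flat traffic.
        threshold = max(k * math.sqrt(var), min_dev)
        hit = i >= warmup and abs(x - mean) > threshold
        recent.append(hit)
        if hit:
            suspicious.append(i)
            # One crossing is not enough: require min_hits within the window.
            if sum(recent) >= min_hits:
                alarms.append(i)
        else:
            # Learn only from points judged normal, so a burst cannot
            # drag the baseline and the threshold up with it.
            diff = x - mean
            mean += alpha * diff
            var = (1 - alpha) * (var + alpha * diff * diff)
    return suspicious, alarms

# Constructed sample (not real traffic): smooth load, one isolated spike at
# index 30, and a sustained burst over indices 45-49.
SAMPLE = [100 + 2 * math.sin(i / 3) for i in range(60)]
SAMPLE[30] = 200.0
for j in range(45, 50):
    SAMPLE[j] = 200.0

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Because the baseline is frozen while points are suspicious, a legitimate lasting change in traffic level keeps alarming until the model is reset or retrained.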
Keywords/Search Tags: anomaly detection, dynamic threshold, kl distance