| Currently, Network traffic anomaly detection is a hot topic research. With the increasing network services, network intrusion becomes more and more important, which makes detection research of network traffic necessary. What's more, updated intrusion attack and hidden attack feather makes the research of intrusion detection anomaly detection method hard and important.Aiming at the existing problems in current parametric statistical network traffic anomaly methods, a new method based on non-parametric statistics has been proposed in this paper. Compared with parametric statistics model, it can fit network traffic accurately and better parametric estimation. Using Defense Advanced Research Projects Agency DARPA1999 data sets, this paper carries out a comparative analysis of distribution fitting.Taking into account the complexity of network traffic characteristics, such as long-range dependence, self-similarity and so on, this paper uses the discrete wavelet transform to analysis flow characteristics in a different frequency domain. Considering the different nature of low and high frequency flow, this paper also explains some internal flow change process through theory and experiment.In addition, the kernel tricks are widely used in pattern recognition, SVMs, cluster analysis, radial basis neural networks, traffic classification, intrusion attacks classification and other areas. In these applications, researchers focus on selecting, structuring and optimizing the kernel function, classification and distance measures. However, the current applications rarely consider the bandwidth as the statistical feature to solve practical problems. Considering when attack occurs, there will be fluctuations in the flow shape, while the Gaussian kernel bandwidth can reflect the flow shape change accurately, so bandwidth is selected as the feature to analysis anomaly.Finally, the results show that our method of network traffic anomaly detection is very effective. |
PDF Full Text Request