The Backbone Traffic Anomaly Detection And Classification Of Communication Under The Network Environment

Posted on: 2013-09-02
Degree: Master
Type: Thesis
Country: China
Candidate: L Ma
Full Text: PDF
GTID: 2248330374985531
Subject: Communication and Information System
Abstract/Summary:
With the fast expansion of network scale, there are more and more traffic anomalies in networks, and new types of network traffic anomaly emerge continuously, which is particularly obvious in backbone networks. Traffic anomalies may consume a lot of bandwidth, occupy a large amount of network resources, and disrupt the normal operation of the network. Different kinds of network traffic anomaly differ in features, damage and solutions. Therefore, network traffic anomaly detection and classification have become a hot spot in academia.

Network traffic anomaly detection techniques can alert the network manager to a traffic anomaly as soon as it occurs, while network traffic anomaly classification techniques can quickly judge the type of the traffic anomaly that has been detected. With their help, network managers are able to deal with traffic anomalies properly and reduce their damage. Network traffic anomaly detection and classification techniques are important in the field of network security.

In this paper, we explain the difficulties in network traffic anomaly detection and classification caused by the huge quantity and dynamic nature of traffic in backbone networks. Our research aims to find network traffic anomaly detection and classification techniques appropriate for backbone networks. The contents of our work are as follows:

1. We introduce a network traffic anomaly detection method called ASTUTE, analyze its principle, and simulate it. Through the simulation, we find that in the face of a large amount of background traffic, the ASTUTE method cannot detect some flow anomalies involving a large number of abnormal flows which change little in traffic. So we improve it by adding new steps. When we cluster network traffic data at different levels in order to calculate the assessment value, we additionally find subsets that include many flows which change little in traffic, and calculate the assessment value of the flows included in each of those subsets according to the ASTUTE algorithm. Besides, we analyze traffic data on all related links, so that we can confirm the anomalies that have been detected. The simulation results show that our improvement obviously enhances the anomaly detection rate of ASTUTE in the face of a large amount of background traffic.

2. As most network traffic anomaly classification methods ignore the correlation of anomalous flows in time, we propose an unsupervised traffic anomaly detection method based on multiple time series of anomaly feature parameters and a related supervised traffic anomaly classification method. The simulation results show that both methods can classify traffic anomalies accurately regardless of whether the identified abnormal flows are accurate. Besides, the supervised traffic anomaly classification method can classify a traffic anomaly as soon as it has been detected, and is able to find new types of anomaly, which makes it practicable.
Keywords/Search Tags:traffic anomaly, anomaly detection, anomaly classification
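
The failure mode described in item 1, as an added example that is not code from the thesis: it computes the ASTUTE assessment value K = mean(δ) / σ(δ) · √F over per-flow volume changes δ between two consecutive time bins, first over all flows and then over the small-change subset. The alarm threshold, the `|δ| <= 10` subset rule and the flow data are assumptions constructed for illustration; the abstract does not give the thesis's own subset-selection procedure.

```python
import math
from statistics import mean, stdev

THRESHOLD = 3.0    # assumed alarm threshold on |K|
SMALL_CHANGE = 10  # assumed cutoff: a flow "changes little" if |delta| <= 10

def assessment_value(deltas):
    """ASTUTE assessment value: K = mean(delta) / stdev(delta) * sqrt(F)."""
    if len(deltas) < 2:
        return 0.0
    mu, sigma = mean(deltas), stdev(deltas)
    if sigma == 0:  # all flows changed identically
        return 0.0 if mu == 0 else math.copysign(math.inf, mu)
    return mu / sigma * math.sqrt(len(deltas))

def small_change_subset(deltas, cutoff=SMALL_CHANGE):
    """Flows whose volume changed little between the two bins (assumed rule)."""
    return [d for d in deltas if abs(d) <= cutoff]

def is_anomalous(deltas):
    return abs(assessment_value(deltas)) > THRESHOLD

def build_bin(anomalous_flows):
    """Constructed per-flow volume changes between two consecutive time bins."""
    background = [1000, -1000] * 5000   # heavy flows, large zero-mean swings
    quiet = [3, -3] * 1000              # benign small flows, zero-mean
    anomaly = [5] * anomalous_flows     # many flows, each growing slightly
    return background + quiet + anomaly

if __name__ == "__main__":
    deltas = build_bin(500)
    subset = small_change_subset(deltas)
    print("all flows  K=%.3f alarm=%s" % (assessment_value(deltas), is_anomalous(deltas)))
    print("subset     K=%.3f alarm=%s" % (assessment_value(subset), is_anomalous(subset)))
```

Over all flows the variance of the heavy background flows swamps the small coordinated shift, so K stays near zero; restricted to the small-change subset the same 500 flows push K well past the threshold.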