Research On Anomaly Detection And Application Type Identification Techniques Of Network Traffic

Posted on: 2014-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: J F Liao
GTID: 2248330395484044
Subject: Computer application technology

Abstract/Summary:
Network traffic is one of the most important carriers for recording and reflecting the activity of a network and the behavior of its users, so analysis based on it can serve as a mirror for understanding the network. Within such analysis, anomaly detection and application type identification of network traffic are two basic and important topics. From a study of current methods and algorithms, this paper concludes that most methods and algorithms for detecting traffic anomalies and identifying traffic application types are inefficient: they consume a lot of CPU, are ill-suited to high-dimensional, large-scale network traffic, and have high algorithmic complexity, so detection and identification usually lag behind and real-time performance is poor, especially on large-scale, high-bandwidth networks. Most detection methods have a low detection rate, most identification methods are inaccurate, false positive and false negative rates are high, and it is difficult to balance the detection (identification) rate against the false alarm rate.

By introducing the concept of information entropy and calculating the relative entropy of network traffic in real time from the viewpoint of the traffic's dimensions and hierarchies, this paper proposes a relative-entropy-based detection method with lower algorithmic complexity. Experimental analysis shows that the false alarm rate is lower when the detection rate is higher, which meets the requirements of real-time operation and accuracy simultaneously.

By merging distance and density, this paper proposes a gravitational clustering method to identify the application type of network traffic, which resolves the local solution problem of the original clustering algorithm. It then applies adaptive processing to improve the selection of the traffic's feature attributes, the handling of isolated network flows, and the setting of the initial cluster centroids. The experimental results and analysis show that the traffic identification method based on this paper performs better than previous ones in clustering effect, with a higher recognition rate and faster convergence of the algorithm.
Keywords/Search Tags:Network traffic, anomaly detection, application identification, relative entropy, gravitational clustering