Tensor Analysis Based Network Anomaly Detection

With the rapid development of Internet, network security has become one ofthe most concern for people, the network traffic anomaly detection system is themost effective means of protection after the firewall. Real-time and accuratejudgement flow anomalies is the key to network detection.Because of detect the anomaly just for a single link traffic can’t detect allattacks, in order to achieve better detection result, network traffic anomalydetection must be carried out on the entire network. However network widetraffic data is large, high dimension, usually includes multiple OD flow (theOriginal-Destination), and a lot of noise. The anomaly detection method basedon vector does not apply to deal with high dimension traffic data, apply them onthe entire network traffic anomaly detection effect is poor.Using tensor to higher dimensional network traffic data, tensor analysismethod is used to analyse the data dimension reduction processing, caneffectively reduce the anomaly detection testing time and space complexity ofthe algorithm, anomaly detection method based on tensor analysis is suitable forhigh dimensional anomaly detection of network traffic data.This paper studied the network anomaly detection technology based ontensor analysis, design the threshold detection mechanism based on the standardscore, the simulation results show that anomaly detection method based ontensor analysis (HOSVD, HOOI) in the rate of false positives, non-responserates and detection time performance is superior to the anomaly detectionmethod based on vector (PCA).Then add related information of higher dimensional network traffic data foranomaly detection, the simulation results show that the anomaly detectionmethod based on the tensor analysis in the rate of false positives andnon-response rates performance is inferior to the anomaly detection methodbased on vector, but the detection time performance is superior to the anomalydetection method based on vector.Finally, considering the cross information between the network traffic datadimension, using the extension of higher order singular value decomposition: Cross-HOSVDs method applied in higher dimensional anomaly detection ofnetwork traffic data. The advantage is that the new method enables us toconsider the the cross information between the network traffic data dimensionduring anomaly detection dimension. The simulation results show that the Cross-HOSVDs method relative to the HOSVD method has better detection result.