Research On Detection Technology Of Network Anomaly Based On Limited Penetrable Visibility Graph

With the expansion of Internet size, the services and applications it providedbecome more and more rich, virus, intrusions and other abnormal behaviors arewidespread in Internet today, which inevitably bring about great challenges to networksecurity. Anomaly detection is an important part of IDS, and traditional detectionmethods generally facing the high complexity of the algorithm, the low rate of detectionefficiency, the high rate of false positives and false negatives. It is difficult to meet thecurrent demand of network security, so that it is urgent to propose a new, more effectivedetection method.Firstly, the current anomaly detection technology was studied systemically.Visibility graph theory was introduced after the comparation and testing of the existedthree visibility graph methods for establishing complex networks. Limited PenetrableVisibility Graph Anomaly Detection(LPVG-AD) was proposed as a new networkanomaly detection and classification model in which we establish complex networksbased on the sequence of network flow measurement characteristics. Different networkbehaviors were detected and classified by mining the intrinsic relationship between thecharacteristic sequences.Secondly, as the sort of network flow measurement characteristic sequences have abad effect on the detection model, a sequence sort selection algorithm which is based ondistribution entropy of the distance between network Hub nodes was proposed in orderto solve the problem. The algorithm randomly generated sorts, then calculate thedistribution entropy of the distance between network Hub nodes. By selecting the largersort of entropy values combined with the selection of limited penetrable distance tofulfill the predetermined detection performance. Simulation experiments were madebased on the KDD CUP99data set, which improved that the algorithm is simple andeffective, and it will help detection system realize good detection effect.Finally, architecture of the prototype system LPVG-AD was designed, and testexperiments of the anomaly detection and classification module were made, whichshowed that LPVG-AD detection model can effectively improve the detection rate andclassification accuracy of the detection system.