Anomaly Detection Of Backbone Network Based On Dimensionality Reduction

Posted on: 2016-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: L Luo
Full Text: PDF
GTID: 2298330467994928
Subject: Control Science and Engineering
Abstract/Summary:
In recent years, with the rapid development and rising complexity of computer communication systems, they have become an integral part of the infrastructure of human society. At the same time, the types, number and threat of network anomalies are rising. How to detect anomalies in network traffic in a timely and accurate manner has become an important issue for the backbone network. Because backbone traffic is very large and fast, it has to be analyzed at a relatively suitable granularity. In addition, traffic anomaly detection in the backbone network should be timely, suitable, effective and comprehensive. To address these problems, the dissertation makes the following contributions:

(1) The traffic characteristics of the backbone network make sophisticated analysis methods difficult to use, as these methods do not meet the backbone network's requirements of online operation, limited storage space and so on. Therefore, we treat traffic at a relatively suitable granularity as a time-varying signal. In addition, since running detection directly on the traffic data is unrealistic, we use dimensionality reduction methods to reduce the computational complexity and so improve efficiency and accuracy. The dissertation uses two common dimensionality reduction methods: sketch and principal component analysis.

(2) Because abnormal flows in massive backbone network traffic have their characteristics hidden, we propose a novel method that combines sketch with the Lipschitz regularity distribution of backbone network traffic to reveal the anomalies. Our approach can not only locate the time points at which anomalies occurred and effectively track the IP addresses of anomalies in backbone network traffic, but also identify the anomalies by analyzing the entropy of source IP addresses. Experiments on real network traffic and comparison with other detection algorithms show that the proposed method performs very well on detection and traceability.

(3) Because most research on anomaly detection considers passive single-link flows, we propose a method based on EMD (Empirical Mode Decomposition) and PCA (Principal Component Analysis) that combines the temporal and spatial correlation of the OD (Origin-Destination) traffic matrix. Experiments on real network traffic and comparison with other detection algorithms show that the proposed method has a better detection rate.

In summary, the main work on dimensionality reduction concerns timeliness, effectiveness, comprehensiveness and other aspects of anomaly detection in the backbone network. The experiments demonstrate that the proposed methods can effectively detect anomalies.
Keywords/Search Tags: backbone network, traffic anomaly detection, data dimensionality reduction, sketch, EMD transform, PCA