| With the rapid development of network, people increasingly depend on the network. Network brings great convenience to daily life and work. However, at the same time, it also brings a lot of problems that harm personal and property safety. Network security problems such as network anomaly have become the main factor that restricts the development of network, which must be paid more attention to. Anomaly can be responded to timely and effectively only by detecting and localizing anomaly. But the diversity of the network anomaly and the limitation of the available information make it a challenging work to localize the anomaly.Existing studies are mostly limited to detecting anomaly, studying how to balance the tradeoff between missing rate and false alarm rate. A small amount of existing localization researches are limited to link anomaly inference based on end-to-end probe packets. In the case where the end-to-end traffic of the global network is obtained, anomaly detection and localization is of great meaning to network engineering, which will effectively help network managers in network diagnosis, optimization and so on. Multi-Resolution Analysis (MRA) method outperforms a lot of traditional methods in the analysis on Traffic Matrix (TM) containing large amount of information of the network. The anomaly localization method based on Diffusion Wavelet (DW) employed in the paper is an effective MRA method. TM is decomposed into multi-scale approximate coefficient matrices and fine coefficient matrices by 2D DW, of which some coefficients are closely related to the original TM and the network topology. Through studying these coefficients, the types of anomalies can be distinguished and furthermore the positions of anomaly sources can be determined.In this paper, firstly, TM from American backbone network, Abilene network, is analyzed by DW, then the characteristics and energy of different-scale coefficient matrices are explored, and finally the key characteristic parameters at an appropriate scale are obtained. Distributed Denial of Service (DDoS) attack and node disconnection can be distinguished by these key parameters effectively. In each anomalous situation, the mapping relationship tables between the characteristic parameters and the positions of the abnormal nodes can be established by means of different analysis methods in this paper. According to the characteristic on this table, anomaly can be effectively detected, the single-node and multi-node anomaly are also studied respectively. Therefore, effective single-node and multi-node anomaly localization methods are put forward based on these key parameters for nodes disconnection and DDoS attacks. It is confirmed that anomaly localization methods based on threshold and rank exhibit excellent instantaneity, higher accuracy under suitable complexity. Finally, they are compared with the existing methods to demonstrate their effectiveness and superiority. |
PDF Full Text Request