| The rapid development of the Internet has brought about earth-shaking changes in our way of life.Human beings are increasingly relying on the convenience brought by the Internet.However,the issue of network security is becoming increasingly serious.In today's Internet world of all things connected,any abnormal attack will cause unnecessary trouble,which will result in the loss of data and the huge economic loss.Therefore,detecting anomalies in the network is the subject of this thesis.It is well known that anomalies can be displayed in the characteristics of network traffic data of different scales,whereas conventional anomaly detection methods typically work independently on each scale,mainly on time-dependent traffic.In this thesis,through the comprehensive exploration of spatial-temporal correlation in multi-scale,the use of ensemble empirical mode decompositon(EEMD)provides multi-scale signal data,and the multi-channel generalized likelihood ratio test(GLRT)algorithm with spatiotemporal correlation is used as A multi-scale signal detector,combined with principal component analysis(PCA)method,proposes a new anomaly detection algorithm.Specifically,this thesis mainly does the following work:(1)According to the original data processing,a multi-column characteristic flow with time series is obtained,and the processed flow signal is obtained by PCA.(2)The EEMD algorithm is used to decompose the signal into intrinsic mode functions with different periods,and each intrinsic mode function contains signal information of different time scales,thereby obtaining a multi-scale representation of the signal.(3)Multi-channel selection of components on different scales.After determining multiple GLRT detection channels,the GLRT algorithm is performed on the normal flow data that is dealt with by PCA and EEMD method,according to Neyman-Pearson criterion and Monte Carlo principle.The corresponding threshold is calculated by the false alarm probability,and then the new signal is judged according to the threshold value,and the abnormality is detected.(4)The algorithm proposed in this thesis and other network traffic anomaly detection methods were compared on four data sets.Experiments show that the method has better performance than other methods,which provides a new perspective for the anomaly detection of different types of traffic data. |
PDF Full Text Request