Research On Network Abnormal Traffic Detection Based On Principal Component Analysis And Sketch

With the rapid development of network technology,the Internet plays an increasingly important role in daily life.However,a variety of network attacks have also emerged,which poses a huge threat to our network information security.Based on the improvement of network security performance requirements of Internet users,a large number of researchers have devoted themselves to the research of network security technology.As an effective network security technology,network traffic anomaly detection method is beneficial to network optimization,prediction and other applications,and can protect the property security of Internet users and national information security to a large extent.This paper makes a thorough analysis of the current situation of network traffic anomaly detection research at home and abroad,compares the mature network traffic model and anomaly detection methods,summarizes the categories and advantages and disadvantages of existing network traffic anomaly detection methods.Finally,an anomaly detection method based on sketch data structure and improved MSPCA algorithm is proposed.Around the key modules,the following research achievements have been achieved:(1)In this paper,an anomaly detection method based on improved MSPCA algorithm is proposed to solve the problem of high time complexity and difficult parameter setting of traditional multi-scale principal component analysis algorithm.The improved MSPCA algorithm controls the scale of PCA filter through the threshold of energy contribution efficiency.Then,the wavelet coefficient matrix is filtered by Bayesian principal component analysis instead of traditional principal component analysis.Therefore,this method can separate network data with relatively simple parameter setting and low time complexity,which makes it more practical for anomaly detection.Finally,the experimental results show that the improved anomaly traffic detection method can effectively detect network traffic anomalies,and has a good detection effect.(2)Based on the improved MSPCA algorithm and the sketch structure,this paper proposes a new anomaly detection method based on sketch structure and the improved MSPCA.The combination of sketch data structure is mainly to store a large number of network streams compactly in an effective way for effective processing.At the same time,this combination makes it possible to identify abnormal IP addresses.The metnod is evaluated by simulation experiments.Compared with other related detection methods,the detection rate of this method has been improved.