Anomaly Detection of Network Traffic based on the Largest Lyapunov Exponent
Real-time and reliable detection of anomalies is an important and challenging task. Unlike most detection methods, which are based on statistical analysis of packet headers (such as IP addresses and ports), we propose a new nonlinear approach that uses only network traffic volumes to detect anomalies reliably. Our method is based on the largest Lyapunov exponent and change-point detection theory to judge whether anomalies have happened. In detail, the largest Lyapunov exponents of normal data and of anomalous data each fluctuate only slightly, while those of overlapped data composed of both fluctuate greatly because the dynamic structure of the data has changed. Experimental results on network traffic volumes transformed from the 1999 DARPA intrusion evaluation data set show that this method can detect network anomalies more effectively than a linear method.
network traffic volume; anomaly detection; largest Lyapunov exponent
Wei Xiong Hanping Hu Yue Yang Qian Wang
Institute of Pattern Recognition & AI Huazhong University of Science and Technology The Center of Co Institute of Pattern Recognition & AI Huazhong University of Science and Technology College of Computer Science & Technology, Huazhong University of Science and Technology Wuhan Hubei
International conference
The 2nd IEEE International Conference on Advanced Computer Control (ICACC 2010)
Shenyang
English
581-585
2010-03-27 (date first posted online on the Wanfang platform; does not represent the paper's publication date)