An Anomaly Detection Based on Local Wave decomposition and Clustering
The traffic anomaly detection is an important problem of network intrusion detection research, and detecting anomaly rapidly and accurately is one of the precondition of ensuring the efficient network operation.Distributed anomalous traffic is dispersed at the same time in many links of network,whats more, anomalous characteristics of the traffic is not obvious in single link,thus it easily leads to leakage.According to the above characteristics of distributed anomalous traffic, this paper proposes a detection method combining Local Wave decomposition method with clustering, which applies the Local Wave decompostion method to the traffic signals of multiple links on each key node, then estimate the instaneous frequency of each link,which can highlight the traffic anomalous characteristics and enhance the detection reliability.After that,at each time point,a high-dimensional vector will be composed of the instaneous frequency of each link,then apply the clustering to detecting the anomalous time points.The simulation results indicate that this method can be effective detecting anomalous network traffic.
Local Wave decomposition instantaneous frequency clustering traffic anomaly detection
Wu Liping
School of Communication and Information Engineering University of Electronic Science and Technology of China Chengdu 611731, China
国际会议
昆明
英文
390-393
2010-10-17(万方平台首次上网日期,不代表论文的发表时间)