Network Traffic Anomaly Detection Method Based on a Feature of Catastrophe Theory
YANG Yue1,2, HU Han-Ping1, XIONG Wei1, CHEN Jiang-Hang1
1 Institute for Pattern Recognition and Artificial Intelligence, Huazhong University of Science and Technology, Wuhan 430074; 2 School of Electronic Information and Mechanics, China University of Geosciences, Wuhan 430074
To address the existing problems of current network traffic anomaly detection, this work starts from the observation that network traffic is often driven by multiple controlling factors, so that the behavior of a network traffic anomaly shows nonlinearity, non-stationarity and complexity. Because the internal evolution equation leads to catastrophe in the dynamical structure, the phase space reconstruction method and the statistical physics method can be used to compute the macro feature values of the network traffic. By choosing as control variables some of the feature values that clearly reflect unusual changes in the network traffic volume, a network traffic anomaly detection method based on the catastrophe series theory model is developed. Many experimental results show that, at the same detection rate, the proposed network traffic anomaly detection method has a low false alarm rate.
YANG Yue, HU Han-Ping, XIONG Wei, CHEN Jiang-Hang. Network Traffic Anomaly Detection Method Based on a Feature of Catastrophe Theory. Chin. Phys. Lett., 2010, 27(6): 60501-060501.