Abstract: According to the impact of abnormal traffic on network self-similarity, an abnormal traffic detection method is designed through comparing the difference of Hurst parameter distribution under network normal and abnormal traffic conditions. This method uses wavelet analysis to calculate the Hurst parameter and the detection threshold can be self-adjusted according to the extent of network self-similarity. Test results on data sets of Lincoln Lab of MIT demonstrate that the new detection method has the characteristic of dynamic self-adaptive, higher detection rate and faster detection speed.

Key words: self-similarity, network traffic, abnormal detection, wavelet analysis

摘要： 根据异常流量对网络自相似的影响，通过研究在流量正常和异常情况下表征自相似程度的Hurst 参数分布特点的不同，设计一种异常流量动态自适应检测方法。该方法采用小波分析估计Hurst参数，根据网络自相似程度自适应地调整检测阈值。对MIT林肯实验室的入侵检测数据测试结果表明，该检测方法具有较好的动态自适应性、较高的检测率及较快的检测速度。

关键词: 自相似, 网络流量, 异常检测, 小波分析

CLC Number: 

• TP393