Abstract: It is difficult to detect traffic anomaly accurately in real-time network management. A traffic anomaly detection algorithm based on steady model is proposed. Both weighted mean value and variance statistics method are used to build and update the steady model. Furthermore ROC curve method is used to assess performance. The complexity of the new algorithm is comparatively low with occupying little system resource and it possesses real-time auto-alarm function. Also simulation shows that the study is a valuable reference for advancing exploration of real-time traffic anomaly detection.

Key words: Traffic anomaly, Anomaly detection, Steady models, Receiver operating characteristic

摘要： 在日常网络管理中如何实时、准确地判定流量异常是网络异常检测中的难点问题。提出了一种基于稳态模型的流异常检测算法，采用加权均值和方差计算相结合的统计学方法对网络流量稳态模型进行建模和更新，并使用ROC曲线进行异常检测模型的性能评估。研究表明，该算法复杂度较低，资源占用小，能够很好地实现实时自动报警功能。实验结果对进一步探索实时的网络流异常检测方法和预测算法具有参考价值。

关键词: 流量异常, 异常检测, 稳态模型, ROC

CLC Number: 

• TP393