Network anomaly detection is critical to guarantee stabilized and effective network operation.Although PCA-based network-wide anomaly detection algorithm has good detection performance, it cannot satisfy demands of online detection.In order to solve the problem, after traffic matrix model was introduced, a normality model of traffic was constructed using SVR and the sparsification of support vector solutions.Based on these, a multivariate online anomaly detection algorithm based on SVR named MOADA-SVR was proposed.Theoretic analysis showed that MOADA-SVR had lower storage and less computing overhead compared with PCA.Analysis for traffic matrix datasets Internet showed that MOADA-SVR had also good detection performance, approximating PCA.%网络异常检测对于保证网络稳定高效运行极为重要.基于主成分分析的全网络异常检测方法虽然具有很好的检测性能,但无法满足在线检测的要求.为了解决此问题,引入流量矩阵模型,利用支持向量回归及其支持向量解的在线稀疏化方法建立流量的一种常态模型,提出了一种基于支持向量回归的多元在线异常检测算法MOADA-SVR.理论分析和因特网实测数据分析表明,该算法与主成分分析算法相比具有类似的检测效果,但具有更低的存储和计算开销.
展开▼
