When applied to networks with a large number of links, conventional network anomaly detection methods often suffer from a high false alarm rate, incomplete detection coverage, and detection efficiency that cannot meet the real-time monitoring demands of high-speed networks. Multiple links are usually strongly correlated, and this correlation reflects the overall trend of link traffic, so it can be used for network traffic anomaly analysis. This paper studies network traffic anomaly detection with a PCA-based correlation analysis method, using the correlation among links to evaluate traffic anomalies. Experiments demonstrate that the method is simple and effective for large-scale traffic anomaly detection.
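The idea in the abstract, as an added example that is not the paper's own code: the traffic shared by correlated links is captured by the first principal component, and a time bin whose residual energy is unusually large is reported together with the link that deviates most. The residual (squared prediction error) formulation, the single component, the mean + 3σ threshold and the constructed four-link traffic matrix are all assumptions; the abstract does not specify them.

```python
import math

def top_component(cov, iters=100):
    """Dominant eigenvector of a symmetric matrix, by power iteration."""
    v = [1.0] * len(cov)
    for _ in range(iters):
        w = [sum(row[j] * v[j] for j in range(len(v))) for row in cov]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return v

def residuals(traffic):
    """Per-bin residual vectors after removing the shared (first PC) trend."""
    n, m = len(traffic), len(traffic[0])
    mean = [sum(row[j] for row in traffic) / n for j in range(m)]
    x = [[row[j] - mean[j] for j in range(m)] for row in traffic]
    cov = [[sum(r[i] * r[j] for r in x) / n for j in range(m)] for i in range(m)]
    v = top_component(cov)
    out = []
    for r in x:
        score = sum(a * b for a, b in zip(r, v))  # projection onto the trend
        out.append([a - score * b for a, b in zip(r, v)])
    return out

def detect(traffic, k=3.0):
    """Return [(time_bin, link)] where residual energy exceeds mean + k*std."""
    res = residuals(traffic)
    spe = [sum(a * a for a in r) for r in res]  # squared prediction error
    mu = sum(spe) / len(spe)
    sd = math.sqrt(sum((s - mu) ** 2 for s in spe) / len(spe))
    hits = []
    for t, s in enumerate(spe):
        if s > mu + k * sd:
            link = max(range(len(res[t])), key=lambda j: abs(res[t][j]))
            hits.append((t, link))
    return hits

def sample_traffic(bins=48, spike_bin=30, spike_link=2, spike=80.0):
    """Constructed data: 4 links following one daily trend, plus one spike."""
    scales = [1.0, 0.8, 1.2, 0.6]
    rows = []
    for t in range(bins):
        base = 100 + 50 * math.sin(2 * math.pi * t / 24)
        rows.append([s * base + ((7 * t + 13 * l) % 5 - 2)  # small bounded jitter
                     for l, s in enumerate(scales)])
    rows[spike_bin][spike_link] += spike
    return rows

if __name__ == "__main__":
    print(detect(sample_traffic()))
```

The spike is modest next to the daily swing on the same link, so a fixed per-link volume threshold wide enough to tolerate that swing would not isolate it; it stands out only once the correlated trend has been removed.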