【 摘 要 】

We present a method to detect anomalies in time series of flow interaction patterns. There are many existing methods for anomaly detection in network traffic, such as the number of packets. However, there is no established method to detect anomalies in time series of flow interaction patterns that can be represented as complex network. First, based on the proposed multivariate flow similarity method on temporal locality, a complex network model (MFS-TL) is constructed to describe the interactive behaviors of traffic flows. After analyzing the relationships between MFS-TL characteristics, temporal locality window, and multivariate flow similarity critical threshold, an approach for parameters determination was established. Observed the evolution of MFS-TL characteristics, three non-deterministic correlations were defined for network states (i.e., normal or abnormal). Furthermore, intuitionistic fuzzy set (IFS) is introduced to quantify three non-deterministic correlations, and an anomaly detection method is put forward for single characteristic sequence. In order to build an objective IFS, we design a Gaussian distribution-based membership function with a variable hesitation degree. To determine the mapping of IFS's clustering intervals to network states, a distinction index is developed. Furthermore, an IFS ensemble method (IFSE-AD) is proposed to eliminate the impacts of the inconsistent about MFS-TL characteristic to network state and to improve detection performance. Finally, we carried out extensive experiments on some network traffic datasets, and the results validate the effectiveness of our method and demonstrate the superiority of IFSE-AD to state-of-the-art approaches.

【 授权许可】

Unknown