中文摘要：

网络异常检测对于保证网络的可靠运行具有重要意义，而现有的异常检测方法仅仅单独利用流量的时间相关性或空间相关性．针对这一不足，同时考虑流量矩阵的时空相关性，提出了一种基于MSPCA的全网络异常检测方法．该方法综合利用小波变换具有的多尺度建模能力和PCA具有的降维能力对正常流量进行建模，然后采用Shewart控制图和EWMA控制图分析残余流量．此外，还利用滑动窗口机制对MSPCA异常检测方法进行在线扩展，提出了一种在线的MSPCA异常检测方法．因特网实测数据分析和模拟实验分析表明：MSPCA算法的检测性能优于PCA算法和近期提出的KLE算法；在线MSPCA算法的检测性能非常接近MSPCA算法，且单步执行时间很短，完全满足实时检测的需要．

英文摘要：

Network anomaly detection is very important in order to guarantee the reliable operation of network. Existing methods only utilize temporal correlation or spatial correlation of network traffic individually. Aiming at this deficiency, this paper considers the spatio-temporal correlation of traffic matrix together and puts forward a network-wide anomaly detection method based on MSPCA. The method utilizes the multiscale modeling ability of wavelet transform and dimensionality reduction ability comprehensively to model normal network traffic, and then analyzes residual traffic using Shewart and EWMA control charts. In addition, the MSPCA anomaly detection method is extended to online MSPCA anomaly detection method through applying gliding window mechanism. Real Internet measurement data analyses and simulation experiment analyses show that the detection performance of MSPCA algorithm is superior to PCA algorithm and KLE algorithm proposed recently. Analyses also show that the detection performance of online MSPCA algorithm is close to MSPCA algorithm, and the single step execution time of online MSPCA algorithm is very short, which can fully meet the need of real-time detection.