To improve the efficiency of discovering anomalous traffic and to address the low efficiency and weak anomaly detection capability of traditional traffic analysis methods, this work applies a joint indicator based on multiple information entropies, combined with a sliding-window-based entropy stream burst detection algorithm, to the NetFlow data of backbone routers in order to discover network anomalies. The correlation among the entropy values of the indices is analysed to classify the indices, and the anomaly detection range of each class of indices is summarised according to known anomaly types. Experiments successfully eliminated highly redundant indices and divided anomalous network traffic into four types that the joint indicator can identify accurately. The experiments show that this anomaly detection scheme is highly practical and is more accurate and effective than traditional traffic analysis methods in judging anomaly types.
To solve the problems of low efficiency and weak detection ability over a limited set of anomaly types in traditional network traffic detection methods, this paper presents a new method that uses seven indices to mine the NetFlow data from routers on the backbone network, applying a sliding-window-based algorithm for detecting bursts in the entropy stream in order to discover anomalies. It also presents the correlation of these entropy indices and, according to it, sorts them into four classes with extremely similar detection ranges. The experimental results show that, compared to the traditional traffic analysis method, the new method is more useful and accurate.
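An added illustration of the approach described above (example code, not from the paper): the Shannon entropy of each NetFlow field per time window forms one entropy stream per index, a sliding window flags bursts in each stream, and a joint indicator reports a window only when several indices burst together. The flow records, the three fields chosen as indices, and the window width, threshold and standard-deviation floor are constructed assumptions, not values from the paper.

```python
import math
from collections import Counter

# Field positions in the constructed flow tuples (hypothetical layout; the abstract does not list the paper's actual indices).
SRC_IP, DST_IP, DST_PORT = 1, 2, 3

def build_flows():
    """Constructed NetFlow-like records (window_id, src_ip, dst_ip, dst_port).
    Windows 0-4: ordinary mixed traffic. Window 5: one host sweeps 40 ports."""
    flows = []
    for w in range(5):
        for i in range(12 + 2 * w):  # size drift so the history is not flat
            flows.append((w, f"10.0.0.{1 + (i + w) % 6}",
                          f"192.0.2.{1 + i % 5}", (80, 443, 53)[(i + w) % 3]))
    return flows + [(5, "10.0.0.9", "192.0.2.7", 1000 + i) for i in range(40)]

def shannon_entropy(values):
    """H = -sum p log2 p over the empirical distribution of one flow field."""
    counts, n = Counter(values), len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def entropy_stream(flows, field):
    """One entropy value per time window for `field`: the entropy stream."""
    per_window = {}
    for rec in flows:
        per_window.setdefault(rec[0], []).append(rec[field])
    return [shannon_entropy(per_window[w]) for w in sorted(per_window)]

def detect_bursts(stream, width=4, k=3.0, std_floor=0.1):
    """Flag window i when its entropy deviates more than k std devs from the
    mean of the previous `width` windows; std_floor stops a flat history
    from turning tiny jitter into alerts."""
    bursts = []
    for i in range(width, len(stream)):
        hist = stream[i - width:i]
        mean = sum(hist) / width
        std = math.sqrt(sum((h - mean) ** 2 for h in hist) / width)
        if abs(stream[i] - mean) > k * max(std, std_floor):
            bursts.append(i)
    return bursts

def joint_alerts(flows, fields=(SRC_IP, DST_IP, DST_PORT), min_indices=2):
    """Joint indicator: a window counts as anomalous only when at least
    `min_indices` entropy streams burst together, suppressing one-field noise."""
    votes = Counter()
    for f in fields:
        votes.update(detect_bursts(entropy_stream(flows, f)))
    return sorted(w for w, v in votes.items() if v >= min_indices)

if __name__ == "__main__":
    print("anomalous windows:", joint_alerts(build_flows()))  # [5]
```

In the constructed scan window the source and destination entropies collapse to zero while destination-port entropy jumps, which is why all three streams vote for the same window.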