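To address the shortcomings of existing single-link traffic anomaly detection and network-wide traffic anomaly detection methods, this paper proposes a network-wide multi-traffic correlation anomaly detection algorithm. The algorithm exploits the fact that the multiple anomalous traffic signals that a single anomaly produces on different links or OD flows are similar in frequency, amplitude variation and other characteristics, and uses this similarity as the basis for detecting anomalies. The traffic at the next time step is predicted from the earlier traffic data of each OD flow or link, and the anomalous traffic value is obtained by subtracting the predicted traffic value from the actual traffic data; traffic anomalies are then detected through global correlation analysis across multiple OD flows or links. Simulation results show that the proposed method can effectively detect anomalies that other single-link and network-wide anomaly detection methods cannot detect.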
To address the shortcomings of single-link anomaly detection and network-wide traffic anomaly detection, we propose a network-wide multi-traffic correlative anomaly detection method. The method relies on the observation that the anomaly signals produced by one anomaly on different links or origin-destination (OD) flows are similar in frequency, in how their amplitude changes, and so on, and it uses this similarity as the evidence for anomaly detection. In principle, the traffic on every OD flow or link is forecast from its previous data, the anomalous traffic is obtained as the difference between the real traffic and the forecast, and finally the traffic anomaly is detected by global correlation analysis over all traffic flows. Simulation results indicate that this method can detect the anomaly.
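The pipeline the abstract describes (per-flow forecast, residual, cross-flow correlation), as an added sketch that is not the paper's own code. The abstract does not name a forecaster or a correlation statistic, so the EWMA forecast, Pearson correlation over fixed windows, the 0.8 threshold and the sample flows are all assumptions made for this illustration.

```python
import math
import random
from itertools import combinations

def ewma_residuals(series, alpha=0.1):
    """Actual minus one-step forecast; the forecast uses earlier samples only (EWMA is an assumption)."""
    forecast, out = series[0], []
    for x in series:
        out.append(x - forecast)
        forecast = alpha * x + (1 - alpha) * forecast
    return out

def pearson(a, b):
    """Pearson correlation of two equal-length windows; 0.0 if either is constant."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va > 0 and vb > 0 else 0.0

def correlated_windows(flows, window=20, threshold=0.8):
    """Return {window_start: [(i, j), ...]} for flow pairs whose residuals move together."""
    res = [ewma_residuals(f) for f in flows]
    alarms = {}
    for start in range(0, len(flows[0]) - window + 1, window):
        end = start + window
        pairs = [(i, j) for i, j in combinations(range(len(res)), 2)
                 if pearson(res[i][start:end], res[j][start:end]) > threshold]
        if pairs:
            alarms[start] = pairs
    return alarms

def constructed_flows(n=120):
    """Constructed sample data: 4 flows; flows 0-2 carry one shared oscillating anomaly at t=60..79."""
    flows = []
    for i, amp in enumerate([6.0, 8.0, 10.0, 0.0]):
        rng = random.Random(1000 + i)  # independent background noise per flow
        flow = [100 + 10 * i + rng.gauss(0, 1) for _ in range(n)]
        for t in range(60, 80):
            flow[t] += amp * math.sin(2 * math.pi * (t - 60) / 5)
        flows.append(flow)
    return flows

if __name__ == "__main__":
    print(correlated_windows(constructed_flows()))
```

The three flows that share the anomaly have different baselines and amplitudes; they are tied together only by the similar shape of their residuals, which is the similarity the abstract uses as detection evidence.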