Different network attacks cause different changes in traffic features, and a single network traffic feature cannot detect network anomalies comprehensively. To address this shortcoming, a multi-source traffic feature analysis method is proposed. A set of network flow measures is selected, their distribution characteristics are analyzed, and Rényi entropy is used to fuse the multi-source traffic features so that abnormal network behavior can be detected comprehensively. Experimental results on real network traffic show that the proposed network anomaly detection method is simple to implement, computationally light and highly accurate, is applicable to large-scale networks, and can effectively detect both known and unknown anomalies.
Based on a tradeoff analysis of abnormal behaviors and detection methods, a multi-source traffic feature analysis and anomaly detection method is proposed. The distribution characteristics of flow size, IP addresses and ports were analyzed and found to be effective for traffic pattern analysis. Rényi entropy is employed to fuse the multi-source information captured by the different traffic features, and an abnormal behavior detection method is presented on that basis. Because it uses multi-source information, the model can detect many kinds of abnormal behavior, which is not possible for many traditional anomaly detection methods that rely on a single feature. Experimental results on actual network data show that the proposed anomaly detection method is effective in detecting known and unknown attacks with a high detection rate and low computational complexity.
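The following added example (not the paper's code) shows the idea in miniature: Rényi entropy of order alpha is computed over the empirical distributions of source IP, destination IP, destination port and flow size in a window of flow records, and the per-feature entropies are fused into one anomaly score. The flow records, the log2 size bucketing, the fusion rule (largest absolute entropy shift against a baseline window) and the threshold are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample flows: (src_ip, dst_ip, dst_port, bytes). Not from the paper.
BASELINE = [
    ("10.0.0.1", "10.0.1.5", 443, 1200),
    ("10.0.0.2", "10.0.1.6", 80, 800),
    ("10.0.0.3", "10.0.1.5", 443, 1500),
    ("10.0.0.4", "10.0.1.7", 22, 300),
    ("10.0.0.5", "10.0.1.6", 80, 950),
    ("10.0.0.6", "10.0.1.8", 53, 90),
]
# Constructed window with one source probing many ports on one host:
# source/destination IP entropy collapses while port entropy rises.
SCAN_WINDOW = [("10.0.0.9", "10.0.1.5", p, 60) for p in range(20, 26)]

def renyi_entropy(values, alpha=2.0):
    """Renyi entropy of order alpha (in bits) of the empirical distribution
    of `values`; alpha -> 1 gives the Shannon limit."""
    counts = Counter(values)
    n = sum(counts.values())
    probs = [c / n for c in counts.values()]
    if abs(alpha - 1.0) < 1e-9:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1 - alpha)

def size_bucket(nbytes):
    # Coarse log2 bucket so flow size yields a discrete distribution (assumption).
    return int(math.log2(max(nbytes, 1)))

def feature_entropies(flows, alpha=2.0):
    """Entropy of each flow measure: source IP, destination IP, port, size."""
    return {
        "src_ip": renyi_entropy([f[0] for f in flows], alpha),
        "dst_ip": renyi_entropy([f[1] for f in flows], alpha),
        "dst_port": renyi_entropy([f[2] for f in flows], alpha),
        "size": renyi_entropy([size_bucket(f[3]) for f in flows], alpha),
    }

def anomaly_score(baseline, window, alpha=2.0):
    """Fuse the measures into one score: the largest absolute entropy shift
    (bits) between baseline and window. This fusion rule is an assumption."""
    b, w = feature_entropies(baseline, alpha), feature_entropies(window, alpha)
    return max(abs(w[k] - b[k]) for k in b)

def is_anomalous(baseline, window, threshold=1.5, alpha=2.0):
    # Threshold in bits is illustrative; in practice it is calibrated on history.
    return anomaly_score(baseline, window, alpha) > threshold
```

Inspecting `feature_entropies` for both windows shows which measure moved, which is what makes the multi-source view more informative than a single volume counter.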