Develop continuously along with the modern internet technique and internet scale which bring our life more convenience. Meanwhile, the security of internet has become face a severe test. Wherever, the intrusion detection technique can be used to protect the intrusion traffic of internet and make sure that the internet and host can run normally.Based on the anomaly detection, we introduced the domestic and international present research. We measured some common network anomaly, such as DoS/DDoS attacks as well as Port Scan and proposed a method which analyzing the network anomaly by various network traffic feature. By using the wavelet technique and time series, algorithm established a normal network model for the system and used anomaly detection of residual ratio to decide the concrete time of anomalous. The original data from MIT was 1999DARPA.which is a standard dataset of evaluating intrusion detection approaches offline. Based on the data flow log, we detected some digital data. Our results have showed that combined wavelet technique with the system identification could give a high probability of detection. |