Network traffic anomaly detection is one of the important measures for ensuring network security. This paper proposes a PCA-based traffic anomaly detection method aimed at detecting network traffic anomalies caused by LDoS (Low-rate Denial of Service) attacks. The general LDoS attack model is examined first, and then the LDoS attack models based on the TCP timeout retransmission mechanism and the router RED mechanism are studied from the perspective of these two different forms of attack. A network topology is constructed for traffic collection, covering simulated traffic generated on the NS2 platform and real traffic generated by LDoS traffic generation tools. The LDoS attack traffic is analyzed at the packet level. Network traffic data is high-dimensional, which has to be resolved in the traffic modeling process; this is why a PCA-based traffic anomaly detection method is proposed. Different principal component contribution rates of the PCA algorithm yield different data features. To verify the detection rate under different contribution rates, three rates are selected: 90%, 50% and 10%. The T² statistic obtained by applying the PCA algorithm to the traffic sample data is used as the threshold. If the T² of the traffic under detection is higher than the threshold, the traffic is anomalous; otherwise it is normal. Models are built from three different samples: mixed traffic, anomalous traffic and normal traffic. The experimental results show that the higher the contribution rate, the higher the detection efficiency of the anomaly detection model.
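The detection rule summarized above, as an added sketch that is not the paper's code: fit PCA on a traffic sample, keep components up to a chosen contribution rate, and flag a window whose T² exceeds the threshold. Assumptions: the three per-window features, the constructed sample rows, population-variance standardization, power iteration for the eigenvectors, and taking the largest training T² as the threshold.

```python
import math

# Constructed sample: per-window (packets, kilobytes, TCP retransmissions); assumed features.
NORMAL = [(540, 420, 6), (540, 420, 2), (520, 440, 6), (520, 440, 2),
          (480, 360, 6), (480, 360, 2), (460, 380, 6), (460, 380, 2)]
ATTACK = (490, 390, 14)   # constructed window: retransmissions surge, volume near average
QUIET = (510, 410, 5)     # constructed window of ordinary traffic

def t2(model, row):
    """Hotelling T^2 of one window in the retained principal subspace."""
    z = [(x - m) / s for x, m, s in zip(row, model["mean"], model["std"])]
    return sum(sum(p * q for p, q in zip(v, z)) ** 2 / lam for lam, v in model["comps"])

def fit(rows, rate):
    """Standardize, then keep leading components until their share of variance >= rate."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / n) for j in range(d)]
    z = [[(r[j] - mean[j]) / std[j] for j in range(d)] for r in rows]
    cov = [[sum(v[a] * v[b] for v in z) / n for b in range(d)] for a in range(d)]
    total, kept, comps = sum(cov[j][j] for j in range(d)), 0.0, []
    while kept / total < rate and len(comps) < d:
        v = [1.0 / (j + 1) for j in range(d)]          # fixed, non-symmetric start vector
        for _ in range(500):                            # power iteration: top eigenvector
            w = [sum(cov[a][b] * v[b] for b in range(d)) for a in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[a] * cov[a][b] * v[b] for a in range(d) for b in range(d))
        comps.append((lam, v))
        kept += lam
        # Deflate so the next pass finds the next component.
        cov = [[cov[a][b] - lam * v[a] * v[b] for b in range(d)] for a in range(d)]
    model = {"mean": mean, "std": std, "comps": comps}
    # Assumption: the threshold is the largest T^2 seen in the training sample.
    model["threshold"] = max(t2(model, r) for r in rows)
    return model

def is_anomalous(model, row):
    return t2(model, row) > model["threshold"]

if __name__ == "__main__":
    for rate in (0.90, 0.50, 0.10):
        m = fit(NORMAL, rate)
        print(rate, len(m["comps"]), round(t2(m, ATTACK), 3), is_anomalous(m, ATTACK))
```

On this constructed data the 90% model keeps two components and flags the attack window, while the 50% and 10% models keep one component and do not.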