Network Traffic Detection And Analysis Method Based On Empirical Mode Decomposition

The rapid development of the network has led to an increasing number of cyber attacks,and the problem of network security has become increasingly severe.Network traffic anomaly detection,as an important network supervision method,is a powerful measure to solve network security problems.In practical work,we observed that anomalies will lead to traffic fluctuations at different scales,and multi-scale detection can improve the effectiveness of anomaly detection.Combined with multi-scale detection ideas,this thesis mainly proposes a new anomaly detection method based on digital signal processing theory.This method includes two modules: traffic data processing and anomaly detection.The first module uses Empirical Mode Decomposition(EMD)to obtain the multi-scale representation of the traffic data,and the second performs the calculation of detection-values and the abnormality judgment through a multi-channel signal detection method.Specifically,the main work done in this thesis is as follows:(1)The adaptive EMD method—Ensemble Empirical Mode Decomposition(EEMD)is applied to decompose the traffic data into IMFs adaptively,which makes the traffic fluctuation better characterized.Simultaneously the multi-scale representation of traffic data is obtained.(2)The problem of anomaly detection is extended to a signal detection problem.Multi-channel detection is applied for the multi-scale flow data using Generalized Likelihood Ratio Test(GLRT),and then combined with the threshold,abnormality judgment is completed.In addition,this thesis also proposes a channel selection method to determine the data format input into the GLRT detector.(3)The anomaly detection experiments were performed on three data sets using the proposed method and two traditional multi-scale detection methods.Experimental results show that the anomaly detection method proposed in this thesis has better detection effect and better adaptability.(4)During the experiments,we also verified the proposed threshold calculation method and channel selection method.The results show that the threshold calculation method is feasible,and the threshold obtained is trustworthy to make abnormality judgment.The channel selection method not only reduces the number of channels,but also has a better anomaly detection effect.In summary,this thesis proposes a multi-scale traffic anomaly detection method based on EEMD decomposition.At the same time,on the basis of digital signal processing theory,multi-scale anomaly detection is implemented using a GLRT detector.Compared with the traditional multi-scale detection method,the method presented in this thesis shows superiority in effect and better adaptability.