An anomaly traffic detection method based on the flow template for the controlled network

Current network anomaly traffic detection technologies usually focus on rule matching and statistical methods, which are suited to the general network environment. To address the communication characteristics of the controlled network environment, this paper puts forward a network anomaly traffic detection method based on the flow template, which captures and analyses real-time network traffic. The method aims to detect anomalous network traffic by extracting the characteristics of the network traffic and behaviour, establishing the flow template based on the network eight-group information, and comparing the established template with the actual traffic. The final experimental results show that the method can accurately detect anomalous network traffic in the controlled network environment.
