A Clustering Analysis Method for Network Traffic Based on Feature Parameter Distribution

Network traffic analysis requires large volumes of data carrying a great deal of information. Capturing the prevailing pattern and state of traffic accurately and comprehensively has been an active and difficult research topic in the field of traffic analysis for many years. To date, analysis of only a single kind of data, heavy dependence on the analyst, and distortion of results by noisy data in complex networks have kept such analysis from performing as well as expected in practice. In view of this situation, this paper takes the distribution of traffic feature parameters as the object of study and clusters it with an improved algorithm to reveal the changing tendency and state of the traffic. The method was tested on a large amount of real data captured by an SNMP agent, and the experimental results indicate that it largely eliminates human-introduced disturbance and makes the analysis unsupervised to the greatest extent possible. The method is sensitive to changes in traffic pattern, and its results are effective under a general real-time requirement.
