Anomaly detection in backbone networks using Filter-ary-Sketch

For the special requirements of anomaly detection in backbone networks,an anomaly detection method was proposed based in the summary data structure: Filter-ary-Sketch.It recorded the network traffic information in Fil-ter-are-Sketch online and detected anomalies based on multi-dimensional entropy at every circle.If an anomaly was detected,the anomaly point located according to data stream recorded in Filter-ary-Sketch.Finally,malicious traffic blocked using the source IPs recorded in Bloom filter.The method was effective in detecting a variety of network at-tacks;especially it could block the malicious traffic.Evaluated by the experiment,the method can detect anomaly in the backbone network with small computing and memory resource and block the IP flows that are responsible for the anomaly.