Adaptive aberrant network traffic detection algorithm based on time series forecast
-
摘要: 传统的网络管理工具通常是根据预先设定的阈值进行网络流量异常检测,这种方法虽然简单,但不能根据网络状况进行自适应的动态调整.分析了基于时间序列的Holt-Winters异常检测方法,结合建立的历史流量的正常模型,改进了Holt-Winters模型的基值以及平滑因子参数的获取过程,加快了算法的启动时间,缩短了算法对网络环境的自适应时间.改进的Holt-Winters算法相较于原来的Holt-Winters算法以及阈值检测方法检测的正确率更高、误报率更低.
-
关键词:
- 异常检测 /
- 时间序列分析 /
- Holt-Winters模型
Abstract: The traditional network management tools usually detect aberrant network traffic according to the preset threshold. This method is straightforward, but it has poor adaptability. Therefore, A mature aberrant detection method called Holt-Winters based on the time series forecast was described. But it needed a long time to adapt the real network environment when the algorithm model applied. To solve these problems, based on the statistics of huge history network flow model, an increased Holt-Winter algorithm was proposed to calculate the base values and the model parameter values, which made the algorithm started faster. The result shows that the increased Holt-Winters algorithm has improved the detection accuracy and reduced the false alarm rate compared with threshold method and traditional Holt-Winters model.-
Key words:
- aberration detection /
- time series analysis /
- Holt-Winters models
-
[1] Lawrence Ho L, Cavuto D J, Papavassiliou S, et al. Adaptive and automated detection of service anomalies in transaction-oriented WAN’s: Network analysis, algorithms, implementation and deployment[J].IEEE Journal of Selected Areas in Communications, 2000, l8(5):744-757 [2] Hood C S, Ji C. Beyond thresholds:an alternative method for extracting information from network measures Proceedings of IEEE Globecom Conference. Phoenix:Arizona, 1997:487-49l [3] Brutlag J. Aberrant behavior detection in time series for network monitoring Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV. California: USENIX Assoc, 2000:139-146 [4] Ho L L, Cavuto D J, Papavassiliou S. Adaptive and automated detection of service anomalies in transactionoriented WAN-s: network analysis, algorithms, implementation, and deployment [J]. IEEE Journal of Seletected Areas in Communications, 2000, 18 (5):744-757 [5] Brockwel P J, Davis R A. Introduction to time series and forecasting [M]. New York: Springer, 2002:326-328 [6] Chatfield C, Yark M. The Holt-Winters forecasting: some practical issues [J]. The Statistician, 1988, 37: 129-140 [7] Bermudez J D, Segura J V, Vercher E. Holt-Winters forecasting: an alternative formulation applied to UK air passenger data [J]. Journal of Applied Statistics, 2007, 34(9):1075-1090
点击查看大图
计量
- 文章访问数: 3353
- HTML全文浏览量: 199
- PDF下载量: 4573
- 被引次数: 0