Abstract
Real-time and reliable detection of anomalies is an important and challenging task. Unlike most detection methods, which are based on statistical analysis of packet headers (such as IP addresses and ports), we propose a new nonlinear approach that uses only network traffic volumes to detect anomalies reliably. Our method uses the largest Lyapunov exponent and change-point detection theory to judge whether anomalies have occurred. In detail, the largest Lyapunov exponents of normal data and of anomalous data each fluctuate only slightly, while those of overlapped data composed of both fluctuate greatly because the dynamic structure of the data has changed. Experimental results on network traffic volumes derived from the 1999 DARPA intrusion evaluation data set show that this method detects network anomalies more effectively than a linear method.
- Publication date: 2010
- Institution: Huazhong University of Science and Technology