Network measurement is important to many network management tasks, including traffic anomaly detection. Aggregating packet header information is an effective and efficient way to collect network traffic statistics. We propose a set of aggregated network metrics that may be used to characterize the overall network behaviors. These metrics are generated from packet header based statistics and are stable to normal traffic while sensitive to anomaly. We further apply principal components analysis and information gain analysis to reduce data size. It is evaluated by experiments that the proposed detection system may generate satisfactory classification of network traffic.

• 出版日期2007
• 单位华中科技大学