|
|
A Multivariate Online Anomaly Detection Algorithm Based on SVD Updating |
Qian Ye-kui①② Chen Ming① |
①(Institute of Command Automation, PLA University of Science & Technology, Nanjing 210007, China)
②(Air Defence Forces Command Academy of PLA, Zhengzhou 450052, China) |
|
|
Abstract Network anomaly detection is critical to guarantee stabilized and effective network operation. Although PCA-based network-wide anomaly detection algorithm has good detection performance, it can not satisfy demands of online detection. In order to solve the problem, the traffic matrix model is introduced and a Multivariate Online Anomaly Detection Algorithm based on Singular Value Decomposition Updating named MOADA-SVDU is proposed. The algorithm constructs normal subspace and abnormal subspace incrementally and implements online detection of network traffic anomalies. Theoretic analysis shows that MOADA-SVDU has lower storage and less computing overhead compared with PCA. Analyses for traffic matrix datasets from Internet and simulation experiments show that MOADA-SVDU algorithm not only achieves online detection of network anomaly but also has very good detection performance.
|
Received: 15 October 2009
|
|
Corresponding Authors:
Qian Ye-kui
E-mail: qyk1129@hotmail.com
|
|
|
|
|
|
|