基于NetFlow时间序列的网络异常检测

网络流量在正常运行的情况下是具有一定的周期性、稳定性的，异常流量会打破这种规律使流量产生异常波动。提出了一种基于NetFlow时间序列滑动窗口检测网络异常的方法，利用时间序列异常发现算法发现网络流量的异常波动从而实现了实时高效的异常流量发现及预警。已经被检测到的网络异常会持续产生预警信息并影响后续的异常检测，为此还提出了两种平抑异常的方法。实验结果表明该方法能够有效地发现网络异常。

Detecting network anomalies based on NetFlow time series

Network traffic shows periodicity and stability when network works normally,but network anomaly would break this rule.This paper presents a novel method which can find out network anomalies based on NetFlow time series sliding window.Using the time-series-based anomaly finding theory,the method realizes real-time finding network anomalies and making announcement of anomalies.To prevent an anomaly from persistent announcement and disturbing following detection,this paper also presents two ways to ignore announced anomalies.The results show that the method differentiates anomalies efficiently.