一种检测网络流量异常和网络攻击的算法

尽管网络流量会出现异常，但大部分时间里流量变化是有规律的。如果网络流量出现异常，那么对整个网络具有较大的危害性，因此网管人员必须及时发现流量是否异常。在以往的流量检测算法中聚焦的焦点只是如何区分流量是正常还是异常，并未讨论此时是否存在攻击行为，这些是算法的不足之处。为了改进现有算法的不足之处，作者在查阅了有关资料和文献之后，提出了一种新的流量检测算法，该算法使用了相似性计算法算法，MMTD算法和粗糙集中的决策系统，将这三种算法在流量检测中进行应用是本文的创新点。本文解决问题的思路是首先使用MMTD算法对当前的流量是否异常做出判断，如果出现异常，则使用相似性计算算法将此时的流量与预警值进行比较，并且判断此时是否存在攻击行为，在文章的最后使用粗糙集中的决策系统对流量异常的原因做出决策。

An Algorithm for Detecting Network Traffic Anomalies and Network Attacks

Although the network traffic is abnormal, but most of the time there is a pattern of flow variation. If the network traffic is abnormal, then the entire network has a great harm, so administrators need to discover the abnormal flow. In the conventional flow focus detection algorithm is how to distinguish between the focused flow is normal or abnormal, does not discuss at this time whether there are attacks, these algorithms are deficiencies. In order to improve the shortcomings of existing algorithms, the following relevant information and documentation is reviewed, and a new flow detection algorithm is proposed, which uses the similarity calculation algorithm, MMTD algorithm and rough centralized decision-making system. These three algorithms are applied to detect the flow rate is innovation of this paper. In this paper, the idea is to solve the problem using the current flow MMTD algorithm is abnormal judgment, if an exception occurs, the similarity calculation algorithm will use this time traffic and warning value, and determine at this time whether there is aggressive behavior. Finally, the use of the article rough centralized decision-making system for reasons abnormal traffic decisions.