基于小波的网络流量异常协同相变检测

针对网络流量表现出的非线性和非平稳性等复杂的动力学特征，提出一种基于小波的网络流量异常协同相变检测方法。该方法从网络流量时间序列的离散小波域出发，利用序参量的非线性动力学方程描述网络流量系统的复杂行为，采用势函数来刻画网络流量系统的非平稳相变过程，进一步分析了网络流量状态与各种攻击模式之间的变化关系，并通过协同学模型对网络流量序参量进行演化，当相应序参量收敛时，即可检测到相应的攻击模式或是正常流量模式。最后，采用了DARPA 1999数据集进行了实验测试，网络流量异常的平均检测率达到了90.00%，而平均误检率只有15.03%。实验结果表明，基于小波的协同相变方法可以用于网络流量异常检测。

Synergetic phase transition detection method for network traffic anomolies based on wavelet

According to the nonlinear and non-stationary dynamic characteristics of the network traffic,the technique based on synergetic phase transition theory was proposed for detecting network traffic anomalies.By using the nonlinear dynamic equation of the order parameter,the paper described the complex behaviors of the network traffic system in discrete wavelet domain of the network traffic time series and the potential function was used to characterize non-stationary phase transition process of the network traffic system.The relationship between network traffic status and the various attack patterns was analyzed,and the synergetic model was used to calculate the network traffic order parameter.When the corresponding order parameter converged,the corresponding attack pattern or the normal traffic pattern could be detected.Finally,the DARPA 1999 data set was used to evaluate the proposed method.The average detection rate is 90.00% and the average false alarm rate is 15.03%.The experimental results show that the proposed method is effective for the network traffic anomaly detection.