分布式隐蔽流量异常的多尺度空间检测

分布式异常流量（如DDoS等）分布式地存在于网络多条链路中，且单条链路的流量异常特征不明显，检测具有很大的难度。丈中提出一种分布式隐蔽异常流量的多尺度空间检测方法，可在网络中的骨干结点上进行早期检测，该方法对骨干网络结点上直接可得的多条链路流量分别进行多尺度小波包分析，找到不同时段下的异常频段，获取该时段下的多个异常重构信号，再从空间上通过核密度估计评估这些信号构成的高维空间点在该时段下的异常程度，作为检测依据。美国教育骨干网实际流量数据和合成的分布式异常流量检测结果表明：文中方法能取得比现有方法更好的检测结果。

Multi-scale Spatial Detection of Distributed Stealthy Traffic Anomaly

Distributed anomalous traffic is difficult to detect, since it is dispersed at the same in many links and the features of the traffic anomaly inasingle link are not so clear. This paper proposes amulti scale spatial detection method against distributed stealthy traffic anomaly, which could deploy early-stage detection on key nodes of the network. It first performs multi-scale wavelet packet analysis on the traffic of multiple links, which is available on each node, thus to get abnormal frequency ranges on different time sections and reconstruct signals with anomalous features. Then, the deviation degree of high dimension vectors composed of reconstructed signal is spatially assessed by kernel density estimation, and is taken as the anomaly indicator. Detection results on both real traffic of American education backbone network and synthetic distributed anomalous traffic indicate that this method performs better than the existing methods.