基于奇异值分解更新的多元在线异常检测方法

网络异常检测对于保证网络稳定高效运行极为重要。基于主成分分析的全网络异常检测算法虽然具有很好的检测性能，但无法满足在线检测的要求。为了解决此问题，该文引入流量矩阵模型，提出了一种基于奇异值分解更新的多元在线异常检测算法MOADA-SVDU，该算法以增量的方式构建正常子空间和异常子空间，并实现网络流量异常的在线检测。理论分析表明与主成分分析算法相比，该算法具有更低的存储和计算开销。因特网实测的流量矩阵数据集以及模拟试验数据分析表明，该算法不仅实现了网络异常的在线检测，而且取得了很好的检测性能。

A Multivariate Online Anomaly Detection Algorithm Based on SVD Updating

Network anomaly detection is critical to guarantee stabilized and effective network operation. Although PCA-based network-wide anomaly detection algorithm has good detection performance, it can not satisfy demands of online detection. In order to solve the problem, the traffic matrix model is introduced and a Multivariate Online Anomaly Detection Algorithm based on Singular Value Decomposition Updating named MOADA-SVDU is proposed. The algorithm constructs normal subspace and abnormal subspace incrementally and implements online detection of network traffic anomalies. Theoretic analysis shows that MOADA-SVDU has lower storage and less computing overhead compared with PCA. Analyses for traffic matrix datasets from Internet and simulation experiments show that MOADA-SVDU algorithm not only achieves online detection of network anomaly but also has very good detection performance.