【摘要】 云计算空间中存储着海量网络流量数据，若计算机频繁重复访问会产生网络崩溃情况，为此提出面向云计算的大规模网络流量异常检测方法。采用DWT信号处理方法提取网络流量特征，运用BIRCH算法聚类处理网络流量数据，通过大规模网络流量特征提取、聚类分析以及分组融合，得到流量数据分组。基于流量分组结果，基于NMF多源异常检测算法构建常规子空间、生成残余矩阵，并添加Shewhart控制图描述异常与正常数据之间的差别，判断网络流量是否为异常，根据判断结果实现网络流量异常检测。实验结果表明，所提方法的异常流量检测精度召回率和F1值均较高，能够有效提升检测效果。更多还原

【Abstract】 In this paper, a large-scale network traffic anomaly detection method for cloud computing was proposed. Firstly, the DWT signal method was used to extract network traffic features, and then BIRCH algorithm was adopted to cluster network traffic data. After the large-scale network traffic feature extraction, cluster analysis and grouped fusion, traffic data packets were obtained. Based on traffic grouping results, the NMF multi-source anomaly detection algorithm was used to construct a conventional subspace and generate a residual matrix. Meanwhile, a Shewhart control chart was added to describe the difference between abnormal data and normal data, thus judging whether the network traffic was abnormal. Finally, network traffic anomaly detection was achieved. Experimental results show that the proposed method has high detection accuracy, high recall rate as well as high F1 value, and can effectively improve the detection effect.更多还原