Research on Anomaly Detection of Network Traffic Based on Local Wave Analysis
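【Author】 张涛 (Zhang Tao);
【Advisor】 张丽珂 (Zhang Like);
【Author information】 Harbin Engineering University, Pattern Recognition and Intelligent Systems, 2008, Master's thesis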
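【Summary】 In recent years, computer networks have developed extremely rapidly. Network scale keeps growing, complexity keeps increasing, and networks are becoming more and more heterogeneous. As a result, performance problems of all kinds are more likely to occur and spread more widely, and they are harder to discover and diagnose. At the same time, users place higher demands on network service performance. All of this makes network management more difficult, so detecting these network anomalies in real time has become an important research topic. Monitoring and managing network traffic in real time, and discovering traffic anomalies promptly, is of great significance for improving network reliability and security. This thesis first analyzes the state of research on network traffic anomaly detection in China and abroad, points out the existing problems, and proposes new research directions. Local wave decomposition is an emerging time-frequency analysis method for signals. It retains the multiresolution-analysis advantage of the wavelet transform while overcoming the wavelet transform's drawback of having to choose a wavelet basis and the number of decomposition levels, achieving an adaptive time-frequency decomposition based on the local time-varying characteristics of the signal. The original EMD method, however, decomposes slowly, suffers distortion at the edges, has loosely defined sifting conditions, and lacks any judgment of pseudo components. Building on an analysis of the EMD method, we propose the linear mean decomposition method, which effectively overcomes these shortcomings. We further analyze how the sampling frequency affects the accuracy of this decomposition method. The traffic model is an important part of traffic analysis. This thesis analyzes several traffic models and, taking the self-similar traffic model as a basis, proposes a method based on local wave analysis for estimating the self-similarity parameter (the Hurst parameter). The method estimates the degree of self-similarity of network traffic more accurately. To address the poor real-time performance, low accuracy, and lack of adaptivity of existing network traffic anomaly detection methods, and building on the study of the local wave method, a traffic anomaly detection method based on local wave decomposition is proposed. The method adaptively adjusts its resolution to the characteristics of the traffic signal, yielding a more accurate analysis of the traffic signal. Experiments show that the method achieves higher accuracy.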
【Abstract】 With the rapid development of networks, their scale and complexity are increasing and their heterogeneity is much higher than before. On the other hand, users place higher demands on network service, which makes network management more difficult. Consequently, it is difficult to detect anomalies accurately in real-time network management, and this has become an important research problem. Traffic anomalies can significantly disrupt and degrade network service. Therefore, real-time monitoring and management of network traffic, and finding its anomalies, is significant for improving both the robustness and the security of the network. First, this paper analyzes the current state of research both here and abroad. We point out the deficiencies of present research and some new research directions. The local wave decomposition method is a new time-frequency analysis method. It has some of the advantages of wavelet decomposition and overcomes its disadvantage of needing to select a wavelet basis and level. The local wave decomposition method decomposes adaptively, based on local time-varying characteristics. The EMD method is slow, and the signal edges are distorted. Its screening condition is not strict, and it does not judge pseudo components. We propose a new decomposition method, the linear mean decomposition method, which overcomes the above disadvantages. In addition, we study the influence of the sampling frequency. The traffic model is an important part of traffic analysis. This paper analyzes several models. We propose a new method, based on local wave decomposition, to calculate the Hurst parameter. This method can estimate the degree of traffic self-similarity. Existing anomaly detection is slow, its results are not accurate, and it cannot decompose adaptively. To address these disadvantages, we propose a new method based on local wave decomposition. This method decomposes according to the characteristics of the signal, so it obtains more accurate results. Experiments have proved this.
【Key words】 anomaly detection; local wave time-frequency analysis; linear mean decomposition method;