Network-wide anomaly detection method based on multiscale principal component analysis

Abstract

Network anomaly detection is very important in order to guarantee the reliable operation of network. Existing methods only utilize temporal correlation or spatial correlation of network traffic individually. Aiming at this deficiency, this paper considers the spatio-temporal correlation of traffic matrix together and puts forward a network-wide anomaly detection method based on MSPCA. The method utilizes the multiscale modeling ability of wavelet transform and dimensionality reduction ability comprehensively to model normal network traffic, and then analyzes residual traffic using Shewart and EWMA control charts. In addition, the MSPCA anomaly detection method is extended to online MSPCA anomaly detection method through applying gliding window mechanism. Real Internet measurement data analyses and simulation experiment analyses show that the detection performance of MSPCA algorithm is superior to PCA algorithm and KLE algorithm proposed recently. Analyses also show that the detection performance of online MSPCA algorithm is close to MSPCA algorithm, and the single step execution time of online MSPCA algorithm is very short, which can fully meet the need of real-time detection. © 2012 ISCAS.