A Class of Non-statistical Traffic Anomaly Detection in Complex Network Systems

Recently Network traffic anomaly detection has become a popular research tendency, as it can detect new attack types in real time. The real-time network traffic anomaly detection is still an unsolved problem of network security. The network traffic appears as a complex dynamic system, precipitated by many network factors. Although various schemes have been proposed to detect anomalies, they are mostly based on traditional statistical physics. In these methods, all factors are integrated to analyze the variation of the network traffic. But in fact, the changing trend of network traffic at some moment is only determined by a few primary factors. In this paper, we present a non-statistical network traffic anomaly detection method based on the synergetic neural networks. For our method, a synergetic dynamic equation based on the order parameters is used to describe the complex behavior of the network traffic system. When the synergetic dynamic equation is evolved, only the order parameter determined by the primary factors can converge to 1. Therefore, the network traffic anomaly can be detected by referring to the primary factors. We evaluate our approach using the intrusion evaluation data set of the network traffic provided by the defense advanced research projects agency (DARPA). Experiment results show that our approach can effectively detect the network anomaly and achieve high detection probability and low false alarms rate.