An anomaly detection based on Local Wave decomposition and clustering

The traffic anomaly detection is an important problem of network intrusion detection research, and detecting anomaly rapidly and accurately is one of the precondition of ensuring the efficient network operation. Distributed anomalous traffic is dispersed at the same time in many links of network, what´s more, anomalous characteristics of the traffic is not obvious in single link, thus it easily leads to leakage. According to the above characteristics of distributed anomalous traffic, this paper proposes a detection method combining Local Wave decomposition method with clustering, which applies the Local Wave decompostion method to the traffic signals of multiple links on each key node, then estimate the instaneous frequency of each link, which can highlight the traffic anomalous characteristics and enhance the detection reliability. After that, at each time point, a high-dimensional vector will be composed of the instaneous frequency of each link, then apply the clustering to detecting the anomalous time points. The simulation results indicate that this method can be effective detecting anomalous network traffic.