DocumentCode
686403
Title
FL-LPVG: An approach for anomaly detection based on flow-level limited penetrable visibility graph
Author
Luo, Y.B. ; Wang, B.S. ; Sun, Y.P. ; Zhang, B.F. ; Chen, X.M.
Author_Institution
Coll. of Comput., Nat. Univ. of Defense Technol., Changsha, China
fYear
2013
fDate
22-24 Nov. 2013
Firstpage
1
Lastpage
7
Abstract
Network-based anomaly detection methods monitor network traffic to discover potential anomaly behaviors. Due to the hysteresis and incompleteness of signature establishment, as well as the inaccuracy of the statistics probability model, the effectiveness of traditional signature-based and statistics-based anomaly detection methods is directly restricted. In addition, the species and complexity of anomaly behaviors vary rapidly with the outbreak of network traffic and the influence of high-speed access. It is difficult to detect and identify anomaly behaviors accurately based on several features of actual network traffic. Anomaly detection faces the challenges of big data processing and dimensionality reduction of high-dimensional data. In this paper, we propose an anomaly detection approach based on the flow-level limited penetrable visibility graph (FL-LPVG), which constructs complex networks from the network flow series. This method mines structural behavior patterns of the associated graph and detects anomaly traffic through data mining and entropy-based information theoretic techniques. Experiments on the KDD Cup 99 dataset demonstrate that this method greatly simplifies the process of anomaly detection and effectively reduces the dimensionality of high-dimensional data, while achieving a good detection effect.
Keywords
computer network security; data mining; entropy; statistical analysis; telecommunication traffic; FL-LPVG; anomaly behaviors; anomaly traffic detection; associated graph; big data processing; complex networks; data mining; entropy-based information theoretic techniques; flow-level limited penetrable visibility graph; high-dimensional data dimensionality reduction; network flow series; network traffic; network-based anomaly detection methods; signature establishment hysteresis; signature establishment incompleteness; signature-based anomaly detection methods; statistics probability model; statistics-based anomaly detection methods; structural behavior pattern mining; Anomaly Classification; Anomaly Detection; Limited Penetrable Visibility Graph; Machine Learning;
fLanguage
English
Publisher
iet
Conference_Titel
Information and Network Security (ICINS 2013), 2013 International Conference on
Conference_Location
Beijing
Electronic_ISBN
978-1-84919-729-8
Type
conf
DOI
10.1049/cp.2013.2470
Filename
6826019