Detecting network-wide traffic anomalies based on robust multivariate probabilistic calibration model

Abstract

Detecting network anomalies means a lot to network security. In respect of detection precision and range, network-wide anomaly detection approaches on the basis of traffic flows have distinctive advantages over the methods of the traditional host computer, single link and single path. However, these approaches face actual problems of performance reduction or being unavailable when noise interference or data loss take place. In order to solve these problems, anomaly detection algorithm based on robust multivariate probabilistic calibration model is proposed. This algorithm establishes a normal traffic model of traffic matrix based on the latent variable probability model of multivariate t-distribution, and implements network anomaly detection by judging if the sample's Mahalanobis distance exceeds the threshold. Both theoretical analysis and experimental results demonstrate its robustness and wider use. The algorithm is applicable when dealing with both data integrity and loss. It also has a stronger resistance over noise interference and lower sensitivity to the change of parameters, all of which indicate its performance stability.