Network Traffic Anomaly Detection Based on Wavelet Analysis

Abstract

Network traffic anomaly detection is an important research content in the field of network and security management. By analyzing network traffic, the health of the network environment can be intuitively evaluated. In particular, analyzing network traffic provides practical and effective guidance for identification and classification of anomaly. This paper proposes a network traffic anomaly detection method based on wavelet analysis for pcap files contain two different delay injections. The wavelet analysis can effectively extract information from the signal and is suitable for the detection of anomaly. Firstly, wavelet analysis is used to extract the waveform features, and then the support vector machine is used for classification. In particular, packet lengths in the pcap files is parsed out to form a sequence of packet lengths in chronological order. Then followed by the wavelet analysis based packet length sequence feature extraction and feature selection methods, the resulting eigenvectors are used as input features to support vector machine for training the classifier. Thus to differentiate the two types of anomaly in the mixed traffic with both normal and abnormal traffic. The qualitative and quantitative experimental results show that our approach achieves good classification results.