Network Traffic Anomaly Detection based on Ratio and Volume Analysis

Recent attack targets on a public network as well as an enterprise/edge network or system because the damage of the public network-attack is far stronger than an enterprise network or systems-attack and the speed of its propagation is far faster. Theses attacks typically cause not only traffic congestion but also network failure exhausting network bandwidth, router processing capacity using the abnormal traffic or excessive network traffic, so that they can have an extremely large impact on the public network. Therefore in this paper, we propose the detection mechanism of network traffic anomalies. This mechanism analyzes flow data based on the statistical anomaly detection. Besides, it supports the two analysis methodratio based analysis and volume based analysis, and it correlates the results from these two models or the results of analysis according to each traffic characteristic parameter to solve the problem of each model and reduce the false-positive.