| 摘要 |
The invention relates to a method of detecting an anomaly in traffic containing a plurality of flows. Each flow has a plurality of flow features. The method including the steps of: (i) dividing the traffic into a plurality of sets, on the basis a first flow feature, such that the flows in at least one of the sets have a common value for the first flow feature (ii) determining that the anomaly is present in one of the sets and, (iii) dividing the set in which the anomaly is present on the basis of a second flow feature, such that the flows in at least one of the resulting sets have a common value for the second flow feature. |
