| 摘要 |
A method for detecting a network traffic anomaly by using netflow information is provided to use a correlation between the number of flows and the number of bytes obtainable from netflow information through regression analysis when detecting an anomaly, thereby expanding utility of the netflow information. A system receives flows per second and bytes per second from a flow collector daemon(S401). The system obtains regression coefficients based on a current time from a regression coefficient generator(S402). The system calculates an upper limit and a lower limit of a reliable section from a regression model based on the flows per second(S403). The system decides whether the number of the bytes is between the upper limit and the lower limit(S404). If not, the system outputs a network traffic anomaly(S405).
|
