Multi-layer Anomaly Detection for Internet Traffic Based on Data Mining

2015 
The large volume of Internet traffic has highlighted the importance of traffic detection, and anomaly detection is playing an increasingly important role in network security. Feature matching, statistics rules and data mining are widely used in traditional anomaly detection systems, but they have numerous disadvantages, such as low accuracy and excessive consumption of processing resources. To handle the complexity of irregular situations, we propose a new model for anomalous traffic detection in this paper. The study combines a feature matching module, a statistics rules module and a data mining module, fully considering the advantages and disadvantages of these three detection methods. Moreover, a multi-layer detection scheme is introduced to enhance system accuracy and reduce complexity at the same time. The data mining module is the core of the model; Naive Bayes, decision tree and clustering algorithms are used in this module. The system's results are produced by integrating the detection results of the multiple detection modules, and they are proved to be more accurate than those of a separate module.