IP Network Anomalous Behaviors Detection Mechanism Based on Cusp-Catastrophe Model

Some traditional anomaly detection mechanisms (such as data mining and Bayes methods) have much poorer performance in terms of detection rate and false alarm rate because they consider only the normal behavior feature of IP networks, and neglect that of the abnormal behaviors. Motivate by the situations, this paper proposed a new characterization model of abnormal behaviors, and also developed an anomaly detection mechanism based on cusp-catastrophe for IP networks. They not only make the best of the prominent features of cusp-catastrophe in terms of multiple steady states and discontinuous catastrophe, and also can describe the normal behavior features and abnormal ones. Finally under Kdd-Cup 99 datasets, the proposed mechanism is evaluated, and the evaluation result shows that its detection rate and the false detection have greatly been improved compared with BN and C4.5.