Overview of Anomaly Analysis and Detection Methods for Network Traffic

doi:10.3969/j.issn.1671-1122.2025.02.002

Abstract

Abstract:

With the popularization of the Internet and the increasing threat to network security, the analysis and detection of abnormal characteristics of network traffic have become an important research topic in the field of network security. The article mainly studied the methods of abnormal analysis and detection of network traffic characteristics in recent years. Firstly, the basic concepts and types of network traffic abnormality analysis were introduced. Secondly, the current main anomaly detection technologies were discussed in details, including methods based on statistics, information theory, graph theory, machine learning, and deep learning. Then, common network traffic anomaly detection methods were compared. Finally, the challenges of current research and future development directions were discussed.

Key words: network security, network traffic characteristics, the analysis and detection of anomalies, deep learning

CLC Number:

TP309

LI Hailong, CUI Zhian, SHEN Xieyang. Overview of Anomaly Analysis and Detection Methods for Network Traffic[J]. Netinfo Security, 2025, 25(2): 194-214.

Figures/Tables 13

方法	优点	缺点	改进方法
基于统计学的检测方法	通过建立数据的统计模型，可以直观地识别不符合该模型要求的数据点，并将其作为异常，统计模型通常具有较好的可解释性，便于理解和解释检测结果	在网络流量动态性较强时，统计量的阈值难以确定，这可能导致检测精度下降，对复杂攻击识别能力有限	通过动态阈值调整、多特征融合、引入时间序列分析、结合机器学习算法、考虑流量上下文信息以及优化算法性能等方法，提高准确性和实用性
基于图论的检测方法	通过图论的方法（如最短路径算法、聚类算法和GNN等），能够发现流量数据中的复杂异常模式和异常节点，对于识别复杂的网络攻击和异常行为具有较高的准确性	特征提取和选择是该方法的关键，如何有效提取和选择对异常检测有用的特征是一个具有挑战性的问题。不恰当的特征提取和选择可能导致模型性能下降	通过结合深度学习、优化图结构、分析异常传播路径、增量图构建与更新以及结合其他检测方法，进一步改进基于图论的流量异常检测性能
基于信息论的检测方法	基于信息论的异常检测方法能够捕获流量数据中的信息熵、互信息等特征，从而有效识别与正常流量模式不符的异常行为	在基于信息论的异常检测技术中，如何定义和确定异常判定标准是一个具有挑战性的问题。不同信息论度量可能产生不同异常得分或阈值，因此需要制定合适的判定准则以确保检测结果的准确性和可靠性	通过优化熵度量、特征选择与融合、结合深度学习、提升实时性与效率以及加强对抗性攻击防御，可以进一步提升基于信息论的流量异常检测性能
基于机器学习的检测方法	对于复杂、非线性关系的处理能力强，能够适应不断变化的环境，并且可以处理大规模和高维数据，自动调整检测模型以适应新的行为模式	需要大量标记数据进行训练，模型复杂度较高，不易解释。在某些情况下可能存在过拟合问题，模型选择和参数调整过程复杂	通过优化与集成机器学习模型、改进特征工程、采用增量学习与在线学习技术、处理高维数据与稀疏数据以及加强对抗性攻击防御能力，可以进一步提升基于机器学习的流量异常检测的准确性和实用性
基于深度学习的检测方法	深度学习模型能够处理高维数据，并自动选择较具代表性的特征。这使得基于深度学习的流量异常检测方法能够适应不同网络环境和流量特性	由于深度学习模型需要处理大量数据和复杂的网络结构，其训练过程耗时较长。这可能导致在实时性要求较高的场景中，模型无法及时更新以适应新的异常流量	通过优化深度学习模型、改进特征表示学习、探索无监督与半监督学习方法、实现增量学习与在线学习以及提高模型的鲁棒性与安全性，可以进一步优化基于深度学习的流量异常检测性能

References 96

[1]	LI Qing, HUANG He, LI Ruoyu, et al. A Comprehensive Survey on DDoS Defense Systems: New Trends and Challenges[EB/OL]. (2023-09-01)[2024-04-30]. https://www.sciencedirect.com/science/article/abs/pii/S1389128623003407.
[2]	KSHIRSAGAR D, SHAIKH J M. Intrusion Detection Using Rule-Based Machine Learning Algorithms[C]// IEEE. 2019 5th International Conference on Computing, Communication, Control and Automation (ICCUBEA). New York: IEEE, 2019: 1-4.
[3]	WEON I Y, SONG D H, LEE C H. Effective Intrusion Detection Model through the Combination of a Signature-Based Intrusion Detection System and a Machine Learning-Based Intrusion Detection System[J]. Journal of Information Science and Engineering, 2006, 22(6): 1447-1464.
[4]	HE Yanshan, WANG Ting, XIE Jianli, et al. Analysis of Computer Network Attack Based on the Virus Propagation Model[J]. EURASIP Journal on Wireless Communications and Networking, 2020(1): 63-72.
[5]	QIAN Yekui, SHAN Desheng, WEI Dong, et al. Network-Wide Anomalous Flow Identification Method Based on Traffic Characteristics Distribution[J]. Procedia Computer Science, 2018(131): 1014-1022.
[6]	AHMAD R, ALSMADI I, ALHAMDANI W, et al. A Deep Learning Ensemble Approach to Detecting Unknown Network Attacks[EB/OL]. (2022-06-01)[2024-04-30]. https://doi.org/10.1016/j.jisa.2022.103196.
[7]	BHUYAN M H, BHATTACHARYYA D K, KALITA J K. Network Anomaly Detection: Methods, Systems and Tools[J]. IEEE Communications Surveys & Tutorials, 2014, 16(1): 303-336.
[8]	THOTTAN M, JI Chuanyi. Anomaly Detection in IP Networks[J]. IEEE Transactions on Signal Processing, 2003, 51(8): 2191-2204.
[9]	JIN Mengxiao. Research on Network Abnormal Traffic Detection Algorithm Based on Software-Defined Network[D]. Nanjing: Nanjing University of Posts and Telecommunications, 2020.
	靳梦晓. 基于软件定义网络的网络异常流量检测算法研究[D]. 南京: 南京邮电大学, 2020.
[10]	AL-FAWA’REH M, ABU-KHALAF J, SZEWCZYK P, et al. MalBoT-DRL: Malware Botnet Detection Using Deep Reinforcement Learning in IoT Networks[J]. IEEE Internet of Things Journal, 2023, 11(6): 9610-9629.
[11]	KHEIR N. Behavioral Classification and Detection of Malware through HTTP User Agent Anomalies[J]. Journal of Information Security and Applications, 2013, 18(1): 2-13.
[12]	BAHASHWAN A A, ANBAR M, HASBULLAH I H, et al. Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)[ J]. IEEE Access, 2021(9): 45512-45526.
[13]	SAWAYA Y, KUBOTA A, MIYAKE Y. Detection of Attackers in Services Using Anomalous Host Behavior Based on Traffic Flow Statistics[C]// IEEE. 2011 IEEE/IPSJ International Symposium on Applications and the Internet. New York: IEEE, 2011: 353-359.
[14]	FENG Guangsheng, JIANG Shunpeng, HU Xianlang, et al. New Research Progress on Intrusion Detection Techniques for the Internet of Things[J]. Netinfo Security, 2024, 24(2): 167-178.
	冯光升, 蒋舜鹏, 胡先浪, 等. 面向物联网的入侵检测技术研究新进展[J]. 信息网络安全, 2024, 24(2): 167-178.
[15]	AHMED M, NASER M A, HU Jiankun. A Survey of Network Anomaly Detection Techniques[J]. Journal of Network and Computer Applications, 2016(60): 19-31.
[16]	CHOUHAN P B, RICHHARIYA V. A Survey: Analysis of Current Approaches in Anomaly Detection[EB/OL]. (2015-02-18)[2024-04-30]. https://doi.org/10.48550/arXiv.2405.06172.
[17]	CHANDOLA V, BANERJEE A, KUMAR V. Anomaly Detection: A Survey[J]. ACM Computing Surveys (CSUR), 2009, 41(3): 1-58.
[18]	KUZNETSOV A, KIIAN A, SMIRNOV O, et al. Variance Analysis of Networks Traffic for Intrusion Detection in Smart Grids[C]// IEEE. 2019 IEEE 6th International Conference on Energy Smart Systems (ESS). New York: IEEE, 2019: 353-358.
[19]	LI Lan, LEE G. DDoS Attack Detection and Wavelets[J]. Telecommunication Systems, 2005, 28(3): 435-451.
[20]	BARFORD P, KLINE J, PLONKA D, et al. A Signal Analysis of Network Traffic Anomalies[C]// ACM. Proceedings of the Second ACM SIGCOMM Workshop on Internet Measurment (IMW’02). New York: ACM, 2002: 71-82.
[21]	ALDHYANI T H H, ALRASHEEDI M, ALQARNI A A, et al. Intelligent Hybrid Model to Enhance Time Series Models for Predicting Network Traffic[J]. IEEE Access, 2020(8): 130431-130451.
[22]	OZKAN H, OZKAN F, KOZAT S S. Online Anomaly Detection under Markov Statistics with Controllable Type-I Error[J]. IEEE Transactions on Signal Processing, 2016, 64(6): 1435-1445.
[23]	ALGHAWLI A S. Complex Methods Detect Anomalies in Real Time Based on Time Series Analysis[J]. Alexandria Engineering Journal, 2022, 61(1): 549-561.
[24]	NABI F, ZHOU Xujuan. Enhancing Intrusion Detection Systems through Dimensionality Reduction: A Comparative Study of Machine Learning Techniques for Cyber Security[EB/OL]. (2024-01-01)[2024-04-26]. https://doi.org/10.1016/j.csa.2023.100033.
[25]	JIN Bo. Research and Improvement of Network Abnormal Traffic Detection Algorithm[J]. Computer & Digital Engineering, 2020, 48(6): 1440-1444.
	金波. 关于网络异常流量检测算法的研究与改进[J]. 计算机与数字工程, 2020, 48(6): 1440-1444.
[26]	YAO Chengpeng, YANG Yu, YIN Kun, et al. Traffic Anomaly Detection in Wireless Sensor Networks Based on Principal Component Analysis and Deep Convolution Neural Network[J]. IEEE Access, 2022, 10: 103136-103149.
[27]	CHEN Jinfu, CHEN Yuhao, CAI Saihua, et al. An Optimized Feature Extraction Algorithm for Abnormal Network Traffic Detection[J]. Future Generation Computer Systems, 2023, 149: 330-342.
[28]	PI Ben, GUO Chun, CUI Yunhe, et al. Remote Access Trojan Traffic Early Detection Method Based on Markov Matrices and Deep Learning[EB/OL]. (2023-11-01)[2024-04-30]. https://doi.org/10.1016/j.cose.2023.103628.
[29]	REN Huorong, YE Zhixing, LI Zhiwu. Anomaly Detection Based on a Dynamic Markov Model[J]. Information Sciences, 2017(411): 52-65.
[30]	BANG J H, CHO Y J, KANG K. Anomaly Detection of Network-Initiated LTE Signaling Traffic in Wireless Sensor and Actuator Networks Based on a Hidden Semi-Markov Model[J]. Computers & Security, 2017, 65: 108-120.
[31]	GORSHENIN A, KOZLOVSKAYA A, GORBUNOV S, et al. Mobile Network Traffic Analysis Based on Probability-Informed Machine Learning Approach[EB/OL]. (2024-04-01)[2024-04-30]. https://www.sciencedirect.com/science/article/abs/pii/S0167404816301614.
[32]	PUTINA A, ROSSI D. Online Anomaly Detection Leveraging Stream-Based Clustering and Real-Time Telemetry[J]. IEEE Transactions on Network and Service Management, 2021, 18(1): 839-854.
[33]	BOTANA I L, EIRAS-FRANCO C, ALONSO-BETANZOS A. Regression Tree Based Explanation for Anomaly Detection Algorithm[C]// MDPI. The Proceedings of 3rd XoveTIC Conference. Basel: MDPI, 2020, 54(1): 7-19.
[34]	QIAO Shaojie, HAN Nan, ZHANG Kaifeng, et al. Algorithm for Detecting Overlapping Communities from Complex Network Big Data[J]. Journal of Software, 2017, 28(3): 631-647.
	乔少杰, 韩楠, 张凯峰, 等. 复杂网络大数据中重叠社区检测算法[J]. 软件学报, 2017, 28(3): 631-647.
[35]	SADREAZAMI H, MOHAMMADI A, ASIF A, et al. Distributed-Graph-Based Statistical Approach for Intrusion Detection in Cyber-Physical Systems[J]. IEEE Transactions on Signal and Information Processing over Networks, 2018, 4(1): 137-147.
[36]	WANG Jing, PASCHALIDIS I C. Botnet Detection Based on Anomaly and Community Detection[J]. IEEE Transactions on Control of Network Systems, 2017, 4(2): 392-404.
[37]	XIAO Qingsai, LIU Jian, WANG Quiyun, et al. Towards Network Anomaly Detection Using Graph Embedding[C]// Springer. Computational Science (ICCS 2020). Heidelberg: Springer, 2020: 156-169.
[38]	ABOU D A, SALAHUDDIN M A, LIMAM N, et al. A Graph-Based Machine Learning Approach for Bot Detection[C]// IEEE. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). New York: IEEE, 2019: 144-152.
[39]	HU Xiaoyan, GAO Wenjie, CHENG Guang, et al. Toward Early and Accurate Network Intrusion Detection Using Graph Embedding[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 5817-5831.
[40]	JIN Zilong, QIAN Jun, KONG Zhixiang, et al. A Mobility Aware Network Traffic Prediction Model Based on Dynamic Graph Attention Spatio-Temporal Network[EB/OL]. (2023-11-01)[2024-04-30]. https://doi.org/10.1016/j.comnet.2023.109981.
[41]	ZOLA F, SEGUROLA-GIL L, BRUSE J L, et al. Network Traffic Analysis through Node Behaviour Classification: A Graph-Based Approach with Temporal Dissection and Data-Level Preprocessing[EB/OL]. (2022-01-29)[2024-04-30]. https://doi.org/10.1016/j.cose.2022.102632.
[42]	MENG Xianke, ZHANG Shuo, XIONG Shi, et al. Network Traffic Anomaly Detection Based on Spatial-Temporal Attention Feature[J]. Computer Applications and Software, 2023, 40(4): 99-106.
	孟献轲, 张硕, 熊诗, 等. 基于时空注意力特征的异常流量检测方法[J]. 计算机应用与软件, 2023, 40(4): 99-106.
[43]	LUO Hongfang, WANG Chunzhi. Simulation of Large-Scale Network Traffic Anomaly Detection under Cloud Computing[J]. Computer Simulation, 2023, 40(1): 433-436.
	罗宏芳, 王春枝. 云计算下大规模网络流量异常检测仿真[J]. 计算机仿真, 2023, 40(1): 433-436.
[44]	PEI Wei, YUAN Xiaofang, WANG Dong, et al. Detecting Traffic Anomalies at Application Layer in Metro Area Network[J]. Application Research of Computers, 2010, 27(6): 2222-2225.
	裴唯, 袁小坊, 王东, 等. 城域网应用层流量异常检测与分析[J]. 计算机应用研究, 2010, 27(6): 2222-2225.
[45]	ZHANG Dongxin, LANG Bo, YAN Hanbing. Attack Detection Method Based on Flow Behavior Graph[J]. Netinfo Security, 2022, 22(1): 72-79.
	张东鑫, 郎波, 严寒冰. 基于流量行为图的攻击检测方法[J]. 信息网络安全, 2022, 22(1): 72-79.
[46]	PANG Bo, FU Yongquan, REN Siyuan, et al. CGNN: Traffic Classification with Graph Neural Network[EB/OL]. (2021-10-19)[2024-04-30]. https://arxiv.org/abs/2110.09726v1.
[47]	JI Xingguo, MENG Qingmin. Traffic Classification Based on Graph Convolutional Network[C]// IEEE. 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). New York: IEEE, 2020: 596-601.
[48]	XU Renjie, WU Guangwei, WANG Weiping, et al. Applying Self-Supervised Learning to Network Intrusion Detection for Network Flows with Graph Neural Network[EB/OL]. (2024-03-03)[2024-04-30]. https://doi.org/10.1016/j.comnet.2024.110495.
[49]	IBRAHIM J, GAJIN S. Entropy-Based Network Traffic Anomaly Classification Method Resilient to Deception[J]. Computer Science and Information Systems, 2022, 19(1): 87-116.
[50]	SAHOO K S, PUTHAL D, TIWARY M, et al. An Early Detection of Low Rate DDoS Attack to SDN Based Data Center Networks Using Information Distance Metrics[J]. Future Generation Computer Systems, 2018, 89: 685-697.
[51]	KUMAR P, TRIPATHI M, NEHRA A, et al. SAFETY: Early Detection and Mitigation of TCP SYN Flood Utilizing Entropy in SDN[J]. IEEE Transactions on Network and Service Management, 2018, 15(4): 1545-1559.
[52]	YAN Chenghua, CHENG Jin, FAN Panxing. Research on the Structural Characteristics of Network Traffic Information Based on Information Entropy[J]. Netinfo Security, 2014, 14(3): 28-31.
	严承华, 程晋, 樊攀星. 基于信息熵的网络流量信息结构特征研究[J]. 信息网络安全, 2014, 14(3): 28-31.
[53]	XUANYUAN Ming, RAMSURRUN V, SEEAM A. Detection and Mitigation of DDoS Attacks Using Conditional Entropy in Software-Defined Networking[C]// IEEE. 2019 11th International Conference on Advanced Computing (ICoAC). New York: IEEE, 2019: 66-71.
[54]	TIAN Qiwen, MIYATA S. A DDoS Attack Detection Method Using Conditional Entropy Based on SDN Traffic[J]. IoT, 2023, 4(2): 95-111.
[55]	BEHAL S, KUMAR K. Detection of DDoS Attacks and Flash Events Using Novel Information Theory Metrics[J]. Computer Networks, 2017, 116: 96-110.
[56]	TELIKANI A, GANDOMI A H, CHOO K R, et al. A Cost-Sensitive Deep Learning-Based Approach for Network Traffic Classification[J]. IEEE Transactions on Network and Service Management, 2022, 19(1): 661-670.
[57]	NOTO K, BRODLEY C, SLONIM D. Anomaly Detection Using an Ensemble of Feature Models[C]// IEEE. 2010 IEEE International Conference on Data Mining. New York: IEEE, 2010: 953-958.
[58]	LI Daoquan, LI Teng, LI Yuxiu. SDN Abnormal Traffic Detection Architecture Based on Machine Learning[J]. Computer Engineering and Design, 2023, 44(7): 1928-1936.
	李道全, 李腾, 李玉秀. 基于机器学习的SDN异常流量检测架构[J]. 计算机工程与设计, 2023, 44(7): 1928-1936.
[59]	ALSARHAN A, ALAUTHMAN M, ALSHDAIFAT E, et al. Machine Learning-Driven Optimization for SVM-Based Intrusion Detection System in Vehicular Ad Hoc Networks[J]. Journal of Ambient Intelligence and Humanized Computing, 2023, 14(5): 6113-6122.
[60]	CHEN Dasheng, SONG Qi, ZHANG Yinbin, et al. Identification of Network Traffic Intrusion Using Decision Tree[J]. Journal of Sensors, 2023(4): 1-9.
[61]	PANIGRAHI R, BORAH S, BHOI A K, et al. A Consolidated Decision Tree-Based Intrusion Detection System for Binary and Multiclass Imbalanced Datasets[J]. Mathematics, 2021, 9(7): 751-786.
[62]	LI Haitao, WANG Ruimin, DONG Weiyu, et al. Semi-Supervised Network Traffic Anomaly Detection Method Based on GRU[J]. Computer Science, 2023, 50(3): 380-390. doi: 10.11896/jsjkx.220100032
	李海涛, 王瑞敏, 董卫宇, 等. 一种基于GRU的半监督网络流量异常检测方法[J]. 计算机科学, 2023, 50(3): 380-390. doi: 10.11896/jsjkx.220100032
[63]	MICHAEL A K J, VALLA E, NEGGATU N S, et al. Network Traffic Classification via Neural Networks[R]. Cambridge: University of Cambridge, UCAM-CL-TR-912, 2017.
[64]	DING Hongwei, CHEN Leiyang, DONG Liang, et al. Imbalanced Data Classification: A KNN and Generative Adversarial Networks-Based Hybrid Approach for Intrusion Detection[J]. Future Generation Computer Systems, 2022, 131: 240-254.
[65]	AL-SANJARY O I, ROSLAN M A B, HELMI R A A, et al. Comparison and Detection Analysis of Network Traffic Datasets Using K-Means Clustering Algorithm[EB/OL]. (2020-08-03)[2024-04-30]. https://www.researchgate.net/publication/343408460_Comparison_and_Detection_Analysis_of_Network_Traffic_Datasets_Using_K-Means_Clustering_Algorithm.
[66]	HOU Yubo, CHEN Zhenghua, WU Min, et al. Mahalanobis Distance Based Adversarial Network for Anomaly Detection[C]// IEEE. 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP 2020). New York: IEEE, 2020: 3192-3196.
[67]	YUAN Zhong, CHEN Baiyang, LIU Jia, et al. Anomaly Detection Based on Weighted Fuzzy-Rough Density[EB/OL]. (2023-02-01)[2024-04-30]. https://doi.org/10.1016/j.asoc.2023.109995.
[68]	BANSAL M, SHARMA D. Density-Based Structural Embedding for Anomaly Detection in Dynamic Networks[J]. Neurocomputing, 2022, 500: 724-740.
[69]	AJDANI M, GHAFFARY H. Introduced a New Method for Enhancement of Intrusion Detection with Random Forest and PSO Algorithm[EB/OL]. (2021-01-24)[2024-04-30]. https://doi.org/10.1002/spy2.147.
[70]	WANG Yan, ZHANG Haifeng, WEI Yongjun, et al. An Evolutionary Computation-Based Machine Learning for Network Attack Detection in Big Data Traffic[EB/OL]. (2023-05-01)[2024-04-30]. https://doi.org/10.1016/j.asoc.2023.110184.
[71]	TALITA A S, NATAZA O S, RUSTAM Z. Naïve Bayes Classifier and Particle Swarm Optimization Feature Selection Method for Classifying Intrusion Detection System Dataset[EB/OL]. (2021-02-01)[2024-04-30]. .
[72]	YIN Zinuo, MA Hailong, HU Tao. A Traffic Anomaly Detection Method Based on the Joint Model of Attention Mechanism and One-Dimensional Convolutional Neural Network-Bidirectional Long Short Term Memory[J]. Journal of Electronics & Information Technology, 2023, 45(10): 3719-3728.
	尹梓诺, 马海龙, 胡涛. 基于联合注意力机制和一维卷积神经网络—双向长短期记忆网络模型的流量异常检测方法[J]. 电子与信息学报, 2023, 45(10): 3719-3728.
[73]	PU Xiaochuan, ZHANG Yuanqiang, RUAN Qingqiang. Optimization of Intrusion Detection System Based on Improved Convolutional Neural Network Algorithm[EB/OL]. (2022-09-25)[2024-04-30]. https://doi.org/10.1155/2022/6762175.
[74]	HOOSHMAND M K, HOSAHALLI D. Network Anomaly Detection Using Deep Learning Techniques[J]. CAAI Transactions on Intelligence Technology, 2022, 7(2): 228-243.
[75]	PEKTAS A, ACARMAN T. A Deep Learning Method to Detect Network Intrusion through Flow-Based Features[EB/OL]. (2018-11-07)[2024-04-30]. https://doi.org/10.1002/nem.2050.
[76]	YUAN Xiaoyong, LI Chuanhuang, LI Xiaolin. DeepDefense: Identifying DDoS Attack via Deep Learning[C]// IEEE. 2017 IEEE International Conference on Smart Computing (SMARTCOMP). New York: IEEE, 2017: 1-8.
[77]	DENG Huawei, LI Xiwang. Abnormal Network Flow Identification and Detection Based on Deep Learning[J]. Computer Systems & Applications, 2023, 32(2): 274-280.
	邓华伟, 李喜旺. 基于深度学习的网络流量异常识别与检测[J]. 计算机系统应用, 2023, 32(2): 274-280.
[78]	LI Huang, GE Hongjuan, YANG Haoqi, et al. An Abnormal Traffic Detection Model Combined BiIndRNN with Global Attention[J]. IEEE Access, 2022, 10: 30899-30912.
[79]	DEY S K, RAHMAN M M. Flow Based Anomaly Detection in Software Defined Networking: A Deep Learning Approach with Feature Selection Method[C]// IEEE. 2018 4th International Conference on Electrical Engineering and Information & Communication Technology (iCEEiCT). New York: IEEE, 2018: 630-635.
[80]	QU Yanze, MA Hailong, JIANG Yiming. CRND: An Unsupervised Learning Method to Detect Network Anomaly[EB/OL]. (2022-10-28)[2024-04-30]. https://doi.org/10.1155/2022/9509417.
[81]	YANG Yuelin, BI Zongze. Network Traffic Anomaly Detection Based on Deep Learning[J]. Computer Science, 2021, 48(S2): 540-546.
	杨月麟, 毕宗泽. 基于深度学习的网络流量异常检测[J]. 计算机科学, 2021, 48(S2): 540-546.
[82]	ZONG Bo, SONG Qi, MIN M R, et al. Deep Autoencoding Gaussian Mixture Model for Unsupervised Anomaly Detection[EB/OL]. (2018-02-15)[2024-04-30]. https://www.semanticscholar.org/paper/Deep-Autoencoding-Gaussian-Mixture-Model-for-Zong-Song/dbc7401e3e75c40d3c720e7db3c906d48bd742d7.
[83]	TANG T A, MHAMDI L, MCLERNON D, et al. Deep Learning Approach for Network Intrusion Detection in Software Defined Net-working[C]// IEEE. 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM). New York: IEEE, 2016: 258-263.
[84]	CHEN Guanheng, SU Jinshu. Abnormal Traffic Detection Algorithm Based on Deep Neural Network[J]. Netinfo Security, 2019, 19(6): 68-75.
	陈冠衡, 苏金树. 基于深度神经网络的异常流量检测算法[J]. 信息网络安全, 2019, 19(6): 68-75.
[85]	QAZI E U H, FAHEEM M H, ZIA T. HDLNIDS: Hybrid Deep-Learning-Based Network Intrusion Detection System[EB/OL]. (2023-04-14)[2024-04-30]. https://doi.org/10.3390/app13084921.
[86]	YAO Ruizhe, WANG Ning, LIU Zhihui, et al. Intrusion Detection System in the Advanced Metering Infrastructure: A Cross-Layer Feature-Fusion CNN-LSTM-Based Approach[EB/OL]. (2021-01-18)[2024-04-30]. https://doi.org/10.3390/s21020626.
[87]	LIN Kunda, XU Xiaolong, XIAO Fu. MFFusion: A Multi-Level Features Fusion Model for Malicious Traffic Detection Based on Deep Learning[EB/OL]. (2022-01-15)[2024-04-30]. https://doi.org/10.1016/j.comnet.2021.108658.
[88]	WANG Kai, CHEN Liyun, WANG Shuai, et al. Network Traffic Feature Engineering Based on Deep Learning[EB/OL]. (2018-06-22)[2024-04-30]. https://iopscience.iop.org/article/10.1088/1742-6596/1069/1/012115.
[89]	ZHANG Jia, LI Zhiyong, NAI Ke, et al. DELR: A Double-Level Ensemble Learning Method for Unsupervised Anomaly Detection[EB/OL]. (2019-10-01)[2024-04-30]. https://doi.org/10.1016/j.knosys.2019.05.026.
[90]	D’ALCONZO A, DRAGO I, MORICHETTA A, et al. A Survey on Big Data for Network Traffic Monitoring and Analysis[J]. IEEE Transactions on Network and Service Management, 2019, 16(3): 800-813.
[91]	KING M L, ZHANG Xibin, AKRAM M. Hypothesis Testing Based on a Vector of Statistics[J]. Journal of Econometrics, 2020, 219(2): 425-455.
[92]	BAKAR R A, MARINIS L D, CUGINI F, et al. FTG-Net-E: A Hierarchical Ensemble Graph Neural Network for DDoS Attack Detection[EB/OL]. (2024-03-08)[2024-04-30]. https://doi.org/10.1016/j.comnet.2024.110508.
[93]	ALJEHANE N O, MENGASH H A, HASSINE S B H, et al. Optimizing Intrusion Detection Using Intelligent Feature Selection with Machine Learning Model[J]. Alexandria Engineering Journal, 2024, 91: 39-49.
[94]	BATUR S C, ABUALIGAH L. A Novel Deep Learning-Based Feature Selection Model for Improving the Static Analysis of Vulnerability Detection[J]. Neural Computing and Applications, 2021, 33(20): 14049-14067.
[95]	XIE Yajuan, TANG Hesheng. A Deep Learning Approach Based on Domain Generalization for Mooring Tension Prediction in Floating Structures[EB/OL]. (2024-03-25)[2024-04-30]. https://doi.org/10.1016/j.oceaneng.2024.118128.
[96]	LI Zhaowen, LIU Jianming, PENG Yichun, et al. A Novel Method to Information Fusion in Multi-Source Incomplete Interval-Valued Data via Conditional Information Entropy: Application to Mutual Information Entropy Based Attribute Reduction[EB/OL]. (2024-01-01)[2024-04-30]. https://doi.org/10.1016/j.ins.2023.120011.

方法	典型方案	优点	缺点
方差分析法	文献[19,20] 方案	不需要训练数据、自动阈值确定、易于实现	阈值设定困难、难以处理复杂模式、对噪声敏感
时间序列分析法	文献[22,23] 方案	预测能力强，适用于大规模数据和多维分析	高维数据适应性差、离群点较敏感、单变量分析局限
主成分分析法	文献[26,27] 方案	降维效果显著、特征提取能力强、可解释性好	对参数敏感、不适合动态变化数据、无法检测未知分布数据
马尔可夫过程模型法	文献[29,33] 方案	状态转移捕捉能力强、转移矩阵可视化、实时性较好	状态定义和划分困难、训练数据需求高、参数调优难度大

方法	典型方案	优点	缺点
基于社区检测的异常分析	文献[35,36] 方案	能够捕捉流量结构、多尺度分析、可应对复杂网络	社区划分的不确定性、不适合动态变化数据、计算复杂度高
基于图嵌入的异常检测	文献[38,39] 方案	对稀疏数据的适应性好，支持降维和特征提取	不适合非线性数据，依赖于网络表示
基于动态图的异常检测	文献[41,42] 方案	动态建模、多维数据分析、可视化分析	计算复杂度高、参数调整和优化难度高
聚类算法	文献[43,44] 方案	无监督学习、适应不同分布、可处理高维数据	噪声和离群点敏感、解释性较差
基于图神经网络的异常检测	文献[47,48] 方案	学习节点表示、不需要监督或半监督、良好的泛化能力	计算成本高、数据预处理要求高

方法	典型方案	优点	缺点
基于熵的流量异常检测	文献[50,51] 方案	适用于非线性系统，原理简单、参数可解释	不适合高维数据和动态变化数据，方法单一
基于条件熵的异常检测	文献[54,55] 方案	高识别率、低误判率和较好的鲁棒性	参数设置困难，上下文具有依赖性
基于信息成本的流量优化与异常检测	文献[57] 方案	捕捉关联性、优化分类器性能以及较好的鲁棒性	计算复杂度高，对新型攻击的适应性问题以及对数据样本质量的依赖性高

方法	典型方案	优点	缺点
有监督学习算法	文献[59,61] 方案	准确性高、灵活性强、可解释性好	依赖大量标记数据、泛化能力受限
无监督学习算法	文献[64,66] 方案	不需要标记数据，实时性、自适应性和可扩展性较好	解释性相对较差，参数调整和模型选择复杂
集成学习方法	文献[69,71] 方案	降低单一分类器的风险、增强模型泛化能力	计算资源消耗大、模型复杂度高

方法	典型方案	优点	缺点
基于CNN的异常检测	文献[74,75] 方案	强大的特征提取能力、平移不变性、高效的参数共享	训练时间长、模型解释性差、过拟合风险大
RNN及其变种（如LSTM、GRU）	文献[76,79] 方案	时间序列处理能力较强，具有记忆和历史信息利用能力，适用于复杂模式	训练难度较高、存在梯度消失和梯度爆炸问题
自编码器	文献[80,82] 方案	无需标记数据、灵活性强	对流量数据的泛化能力有限
基于DNN的异常检测	文献[83] 方案	能处理大规模数据、高准确率、自适应性强	计算资源要求高、数据需求量大
混合方法	文献[86,87] 方案	互补性好、高准确性、减少误报和漏报	复杂性较高，需要一定的集成成本