A novel multi-modal incremental tensor decomposition for anomaly detection in large-scale networks

Network traffic anomaly detection is a crucial task for today's network monitoring and maintenance. However, with the rapid growth of network data volume, the data structure has become more and more complex, showing multi-modal characteristics, which makes traffic anomaly detection face a great challenge. The earlier proposed anomaly detection methods have the following deficiencies, i ) Most of them are static or dynamic detection methods that only grow along the temporal modality. ii ) Lower detection rate or higher computational cost. To address these deficiencies, this article proposes a traffic anomaly detection framework based on multi-modal incremental tensor decomposition, which has the following three highlights, i ) Constructing traffic data as a tensor model to fully mine the correlation between data, and the proposed framework is applicable to the situation where traffic data grows dynamically along multiple modes. ii ) Using the multi-modal incremental tensor decomposition method to process dynamically growing data without decomposing all the data, greatly reducing computational cost and improving data quality. iii) ) Using the XGBoost classification algorithm for anomaly detection to improve detection accuracy. Finally, the results of experiments on two real network traffic datasets NSL-KDD and CICDDOS 2019 show that the proposed framework can achieve a high detection rate of 99.21%, and has the characteristics of good scalability and fast detection speed.