Enhanced Network Traffic Anomaly Detection: Integration of Tensor Eigenvector Centrality with Low-Rank Recovery Models

In service computing, network traffic anomaly detection is pivotal for monitoring and identifying irregularities in network traffic to uphold the security, reliability, and stability of networks and services. In network traffic data, centrality is exhibited as certain nodes more frequently act as communication sources or destinations, or play critical intermediary roles in the network. These structures are also among the targets of network bottlenecks and targeted attacks. Current unsupervised network traffic anomaly detection algorithms, based on low-rank tensor recovery, achieve effective detection performance by comprehensively capturing network information. However, these algorithms often neglect the underlying topological structure, focusing solely on linear data structures, which leads to overlooking the degree of traffic concentration and nonlinear data structures. It reduces the detection efficiency of abnormal traffic generated by targeted attacks. To comprehensively understand the evolution of traffic concentration over time, this study introduces a mathematical formula for tensor eigenvector edge centrality. The formula provides rankings of edge importance based on the significance of nodes and time layers, and the effectiveness of centrality is validated through structural perturbations in the network. On this basis, we design a low-rank tensor recovery model utilizing representation learning to obtain the centrality feature matrix of network traffic data. By encoding centrality for nonlinear proximity information, and incorporating the Laplacian matrix to capture nonlinear structural information in tensor decomposition, the accuracy of anomaly detection is enhanced. Extensive experiments on Abilene and G & Egrave;ANT network traffic data demonstrate that our proposed algorithm not only achieves higher precision and recall rates in random anomalies but also performs better in detecting anomalous traffic generated by high centrality structures compared to state of art algorithms based on matrix-based anomaly detection and tensor recovery methods.