Anomalies detection method of IP forwarding based on behavior model
基于行为模型的IP Forwarding异常检测方法

A simple, robust method was proposed that integrated routing and traffic data streams to reliably detect forwarding anomalies. High resolution measurements and on-line analysis of network traffic and routing were used to provide real-time alarms in the incipient phase of network anomalies. The anomalies identification method based on behavior model used path changes, flow shift and packet delay variance and relied extensively on IP packet header information, such as TTL, source/destination address, packet length, and router's timestamps. The overall method is scalable, automatic and self-training, and effectively identifies forwarding anomalies, while avoiding the high false alarms rate.