Abstract:
Network anomaly detection is essential for network management and network security. Over the years, a large number of domestic and foreign documents have proposed a series of network anomaly detection methods, most of which focus on the analysis, detection and warning of data packets and independent time series data streams. This kind of method only uses the temporal correlation between network data and it is difficult to detect new types of network anomalies, locate and eliminate abnormal data. In order to solve the above problems, some literatures integrate multiple time series data streams and study network anomaly detection methods based on low-rank decomposition. These methods make full use of the spatio-temporal correlation between network data, and they could locate the location of abnormal data without supervision, and eliminate the abnormal data at the same time, so as to restore the normal data of the network. We firstly analyze the anomaly detection methods based on low-rank decomposition. The methods are divided into four categories according to its different constraints on normal data and abnormal data, and the basic ideas, advantages and disadvantages of each method are introduced. Then, the challenges of existing anomaly detection methods based on low-rank decomposition are analyzed. Finally, the possible future development trends are predicted.