CPU and Network Traffic Anomaly Detection Method for Cloud Data Center

With the development of the cloud service market, the number of network security attacks on cloud data centers is gradually increasing. The existing anomaly detection methods are all aimed at the research of known attacks, and there is not much progress on the research of some unknown attacks and workload peaks of cloud platforms. In order to deal with the unknown attack of the cloud platform and distinguish the behavior after the attack from the peak load under normal work, this paper studies a cloud data center anomaly detection method for Distributed Denial of Service(DDoS) attacks. We built a virtual machine cluster on openstack, simulated DDoS attacks on virtual machines, collected CPU utilization and network traffic data before and after the attack, and performed anomaly detection and analysis through a single class classification algorithm and analysis of time window sequences. We evaluated the performance of this method through lab-based experiments and real-world cloud data center experiments.