Journal: Information Technology Journal
ISSN: 1812-5638 (print), 1812-5646 (online)
Publisher: Asian Network for Scientific Information
DOI: 10.3923/itj.2012.1243.1250
Authors: Yan Ruoyu, Shao Chao
Published: 9/2012, Volume 11, Issue 9

Abstract

Traffic anomaly detection and attack identification are a research focus in the network security community. In this paper, a hierarchical system framework is proposed to detect and identify traffic anomalies in high-speed networks. First, multiple basic detectors developed in the authors' previous research work are briefly described. Then an alert fusion method combining these basic detectors is used to improve anomaly detection ability. Experiments on a real high-speed network demonstrate that the method has higher detection performance than the basic detectors and the majority voting method. To further identify the attack type accurately, seven traffic features are used to characterize three types of attack (port scan, network scan and DoS attack), and the change in traffic distribution for each traffic feature is measured by cross entropy. An Exponentially Weighted Moving Average (EWMA) control chart method based on cross entropy is then proposed to classify attacks. Experimental results on traffic from a backbone router show that the method has a strong ability to detect and identify attacks.