CN1617512A - Adaptive network flow forecasting and abnormal alarming method - Google Patents

Abstract

This invention provide a network flow performance prediction and abnormal alarming technology and a method based on the genetic algorithms, which utilizes genetic algorithms to predict the flow state of the next time from the horizontal time degree then to utilize the statistics method to judge the abnormal situation of said flow based on the flow sample in a related time period of each day in the historical flow information from the longitudinal time degree. The method is realized by four steps of network flow data collection, process and storage, prediction and abnormal alarming.

Description

A kind of self adaptive network traffic prediction and abnormal alarm method

Technical field

The present invention relates to technical field of computer network management, particularly a kind of self adaptive network traffic prediction and abnormal alarm method.

Background technology

The continuous expansion of rapid development of network technology and scale, the Network complexity improves day by day.In this environment, resource distribution degree and degree of share all enlarge rapidly, the failure that any small fault all may cause the user to use.In order to improve service quality and to reduce operating cost, find that timely and effectively the abnormal conditions of network traffics become more and more important in network management.Prediction and warning are two effective means.

Time series to network traffics is predicted, the statistical model method of the classical Poisson process that is based on.Under the environment that current network new business continues to bring out, great change has taken place in traffic characteristic, the network behavior of the reaction reality that this random statistical model can not be authentic and valid.

Network traffics warning aspect, traditional warning system generally just simply judges according to a fixed threshold of system configuration whether present flow rate is in normal condition, if flow less than the threshold value of this setting then think that the present flow rate state is normal, is reported to the police otherwise then produce.And in the real network environment, the setting of threshold value is very difficult, and threshold value too greatly then loss improves, and the too little then false drop rate of threshold value improves.

(Genetic Algorithm GA) is the intelligent optimization algorithm of an analoglike biological evolution to genetic algorithm, often is used to the optimization problem in the industrial process.It has used the viewpoint of biogenetics, by mechanism of action such as natural selection, heredity, variations, realizes the adaptive raising of each individuality, and this point has embodied the evolutionary process of occurring in nature " survival of the fittest in natural selection, the survival of the fittest ".Compare with conventional method, the specific field with the problem of not relying on of genetic algorithm has very strong advantages such as robustness to the kind of problem.Genetic algorithm has become an important branch of evolutionary computation research.

Genetic algorithm is an example with a group individuality, and they all have the DNA of oneself.Weigh each individual adaptability (it is regarded as the function that is applicable to DNA of individual weighs) then, and those individualities that more adapt to are more likely multiplied.And the individuality that least adapts to will be exterminated.Each survivor can have an opportunity to multiply (importantly any survivor may multiply, if not too adapt to, only is to have reduced possibility).The DNA that merges parents, the DNA after being combined use random variation with the simulation procreation.Get on very well in theory, new individuality is the same with parents to be adapted to, because variation or increase or subtract and have a slightly little variation.Circulation can go round and begin again then.

Selecting, intersecting and make a variation is operator the most frequently used among the GA: (1) selects operator (Selection/Reproduction): select operator to select individuality in pairs by a certain probability from colony, certain individual x _iSelecteed Probability p _iBe directly proportional with its fitness value.The most common implementation method is roulette (Roulette Wheel) model.(2) crossover operator (Crossover/Recombine): crossover operator is pressed Probability p with the gene strand of two selected individualities _cIntersect, generate two new individualities, crossover location is at random.P wherein _cIt is a system parameters.(3) mutation operator (Mutation): every Probability p of pressing of the gene strand that mutation operator will be newly individual _mMaking a variation, promptly is negate to two-value gene strand (0,1 coding).

Summary of the invention

Purpose of the present invention and task are: to concrete heterogeneous networks, on the basis of the historical flow performance information of network, after utilizing genetic algorithm to dope next flow status constantly from horizontal time degree earlier, again from the flow sample of vertical time degree according to this identical period of every day the historical flow information, utilize statistical method to judge the abnormal conditions of this flow, and carry out classifying alarm, thereby reach the purpose of early warning.

The self adaptive network traffic predicted application that the present invention proposes genetic algorithm.But the present invention is on computer and computer network, the transmission of data, and data processing has been used the technical scheme and the technological means of claims, reaches and realize the purpose and the effect of predicting network flow and abnormal alarm.

Following mask body is set forth the specific implementation mechanism of prediction of this self adaptive network traffic and abnormal alarm method:

Definition

Coding: convert the actual value of historical flow information to each operator of genetic algorithm operable binary string.

Population: some actual values of historical flow information can form a population.System is with current time

Nei flow information is an initial population for the previous period.

Chromosome (individuality): the flow actual value is called chromosome through the individuality that the coding back generates.

Gene: chromosomal each factor of binary representation is called gene.

The ideal adaptation degree: be to chromosome to network environment just when assessment, the big more surface of ideal adaptation degree is should individuality big more to the contribution of prediction.

In order to reach desired purpose, prediction of this self adaptive network traffic and abnormal alarm method, solution realizes by network traffics data acquisition, network traffics data processing and storage, predicting network flow, exception of network traffic warning four-stage on the theoretical foundation that is as above proposed.

Concrete steps are as follows:

One, network traffics data acquisition

Adopt the GET method of SNMP to gather the mib information of router, thereby obtain the real traffic performance information of network.SNMP basic principle structure is as figure (4).System only needs to get final product every 5 minutes collection one secondary data under the general networking situation.(annotate: utilizing SNMP to gather the flow primary data information (pdi) is an international standard agreement)

Two, network traffics data processing and storage

To be converted into flow rate (bps) from the initial data that router collects and be stored in the database.Need write down following essential information:

ID

Router_IP

OID

Traffic

Get_time

ID: the identification field of every record;

Router_IP: data source router IP.

OID: the MIB storehouse object value of being gathered has identified port numbers and the turnover attribute of this flow value from router.For example: 1.3.6.1.2.1.2.2.1.10.5 represents it is the influent stream value of router five port;

1.3.6.1.2.1.2.2.1.16.5 expression is the outflow value of router five port.

Traffic: flow rate (bps).

Get_time: flow data collector constantly.

Three, predicting network flow

Native system adopts genetic algorithm from horizontal time degree network traffics to be predicted, described in background content, the embodiment that the employing genetic algorithm is carried out volume forecasting is as follows:

1) coding

It is the key issue of genetic algorithm that separating of problem is converted to the chromosome that coding expresses, and the purpose of coding is that the phenotype with population data is converted into chromosomal genotype and represents.Binary string length depends on needed precision, and the general networking volume forecasting only need be accurate to kbps, such as in a gigabit LAN, then needs 20 string long.Suppose current population flow maximum Max and minimum M in, the corresponding binary coding of flow value x is that then the two relational expression is as follows for b:

$b=\frac{x-\mathrm{Min}}{\mathrm{Max}-\mathrm{Min}}*(2^{20}-1)$

$x=\mathrm{Min}+b*\frac{(\mathrm{Max}-\mathrm{Min})}{2^{20}-1}$

2) initial population generates

Network traffics general with ought be for the previous period in the network performance situation be closely connected.With the historical flow gathered in n before the current time minute is sample, and each individuality is encoded; System with current time before 5 * n minute (sample size can be decided according to concrete network condition) historical flow of being gathered be sample, with each data on flows x ₁, x ₂..., x _nConvert corresponding binary representation to, so just obtained initial chromosome group b ₁, b ₂..., b _n

3) the ideal adaptation degree calculates

Calculate each chromosomal fitness value in the population.Ideal adaptation degree value be to chromosome just when assessment, be that algorithm is selected the individual important evidence of heredity, the individuality that fitness is big promptly has bigger procreation probability.For next prediction of network traffics constantly, the ideal adaptation degree depends primarily on two factors: the size of flow value and with the current time difference, the flow value fitness in expected range more is big more, the flow value fitness of abnormal conditions is then little.In addition, the flow value approaching more with current time is also big more to the predicted impact of flow value.Therefore, structure ideal adaptation degree function model following (building method of fitness function is not unique):

F(x _i)＝ρ(x _i)·t(x _i)

Wherein, we can assumed density function ρ (x _i) and function of time t (x _i) as follows:

ρ(x _i)＝(Max-Min)-|x _i-E(X)|

${t\left(x_i\right)=\mathrm{\&alpha;}}^{\frac{t_{\mathrm{xi}}-t_0}{\mathrm{\&Delta;t}}}(0<\mathrm{\&alpha;}<1)$

α is a time correlation degree coefficient, sets (generally between 0.7～0.9) according to concrete network condition.

4) select

A distinguishing feature of genetic algorithm be it in space encoder and solution space, working of replacing, in space encoder, chromosome is carried out hereditary computing, and in solution space, assesses and select separating.The selection operation of system adopts wheel commentaries on classics method, thus the chromosome complex that selection makes new advances.Specifically

Execution mode is as follows:

(1) according to the result of calculation of front ideal adaptation degree, all are chromosomal just when sum (pop_size is the population size) to calculate all populations:

$F=\underset{i=1}{\overset{\mathrm{pop}\_\mathrm{size}}{\mathrm{\&Sigma;}}}f\left(x_i\right)$

(2) to each chromosome x _i, calculate and select probability:

$p_{x_i}=\frac{f\left(x_i\right)}{F};i=\mathrm{1,2},...,\mathrm{pop}\_\mathrm{size}$

(3) each chromosome is calculated cumulative probability:

$q_{x_i}=\underset{j=1}{\overset{i}{\mathrm{\&Sigma;}}}{p}_j;i=\mathrm{1,2},...,\mathrm{pop}\_\mathrm{size}$

(4) at [0,1] interval interior equally distributed pseudo random number r that produces, as if r≤q ₁, then select first chromosome x ₁Otherwise, select k chromosome x _k(2≤k≤pop_size) makes q _k-1＜r≤q _kSet up.

(5) the new chromosome population after can obtaining selecting to recombinate behind circulation step 4pop_size time.

5) intersect

Crossover algorithm is an important means that keeps the population diversity of individuals, makes algorithm travel through whole solution space as much as possible.Some interior extrapolation methods that the interlace operation employing is the most frequently used are promptly set a crosspoint at random in choosing individuality, carry out when intersecting, and will choose two part-structures of these some front and back of chromosome to exchange respectively, generate two new individualities.The crossing-over rate that supposing the system is set is p _c, concrete

Execution mode is as follows:

(1) at [0,1] interval interior equally distributed pseudo random number r that produces, if r＜p _cThen select one of parents of intersecting; Otherwise execution in step 3;

(2) if select parents, then produce a random integers pos (1≤pos≤chromosome length) as breakpoint, all positions behind the intersection parents breakpoint generate two new chromosomes.

For example, selecting parents is

x ₁＝[10011011010010101110]

x ₂＝[11010010100110011100]

The new chromosome that produces after the 9th intersection of breakpoint at random is:

x ₁＝[10011011100110011100]

x ₂＝[11010010010010101110]

(3) then do not return 1, circulation pop_size time if do not satisfy end condition.

6) variation

The basic thought of variation is to each complies with the variation Probability p on the chromosome _mCarry out mutation operation: in the two-value gene strand, if this position be 0 then become 1, be 1 and become 0.The specific implementation method is as follows:

Suppose that the variation probability is p _m, the gene of population is counted m and is: population size * chromosome string is long.For making each gene have identical probability to morph, chromosome is arranged in order, and produced equally distributed random number sequence r between [0,1] _k(k=1,2..., m), if r _k≤ p _m, then extrapolate the chromosome number and the item of variation according to address k, mutation operation is carried out in this position.

7) stop judging

So far, just finished an iteration of genetic algorithm.Then do not jump to 3 continuation if do not satisfy end condition, otherwise finish, the value of output fitness the best is as predicted value f _T+1End condition has two, and satisfying any one can stop: the genetic algebra that has arrived default; The genetic prognosis flow value has been tending towards convergence.

Four, three grades of abnormal alarms of network traffics 3 σ (elementary, intermediate, senior)

The current network flow performance state is carried out statistical analysis, and finding potential Traffic Anomaly situation and providing alert is the free-revving engine of system.The network flow value f that utilizes genetic algorithm to dope _T+1After, system adopts method of analysis of variance to carry out the network performance early warning from vertical time degree.Variance analysis is analyzed according to the network prediction result exactly, differentiates a kind of statistical analysis technique of each related factors to the network performance influence.

The flow value in network every day in a certain moment of stable operation is a sample, and the flow value in a certain day this moment is a stochastic variable, its Normal Distribution adopts method of analysis of variance to weigh the departure degree of predicted value and actual value, and produces the rank warning message on this basis.

Use the method for moving average and obtain next predicted value f of network traffics constantly _T+1After, whether for checking this predicted value in normal range (NR), we can estimate with the flow sample variance, and produce three grades of warning messages of 3 σ in view of the above.Embodiment is as follows:

T days historical flow actual value y with the identical moment to be predicted before supposing ₁, y ₂..., yt is a sample, can obtain the variance s of this sample according to the variance computing formula _tThe computing formula that flow moves sample variance and sample standard deviation is:

$s_t^2=\frac{1}{n-1}\underset{i=0}{\overset{n-1}{\mathrm{\&Sigma;}}}{(y_{t-i}-{\stackrel{\&OverBar;}{y}}_t)}^2$

$s_t=\sqrt{\frac{1}{n-1}\underset{i=0}{\overset{n-1}{\mathrm{\&Sigma;}}}{(y_{t-i}-{\stackrel{\&OverBar;}{y}}_t)}^2}$

Wherein ${\stackrel{\&OverBar;}{y}}_t=E\left(y_t\right)=\frac{1}{n}(y_1+y_2+\&CenterDot;\&CenterDot;\&CenterDot;+y_t)$ Then have:

(1) as | f _T+1-y _t|≤s _tThe time: network condition is normal, and the historical relatively flow deviation of next moment predicting network flow value is in allowed band.

(2) work as s _t＜| f _T+1-y _t| during≤2st: produce elementary early warning, the historical relatively flow of next moment predicting network flow value has less deviation.

(3) work as 2s _t＜| f _T+1-y _t|≤3s _tThe time: produce intermediate early warning, the historical relatively flow of next moment predicting network flow value has than large deviation.

(4) work as 3s _t＜| f _T+1-y _t| the time: produce senior early warning, the historical relatively traffic conditions of next moment predicting network flow value has very large deviation.

Characteristics of the present invention and good effect are: (1) adopts genetic algorithm that network traffics are predicted, relative other prediction algorithms, the search of genetic algorithm starts from a population of historical data on flows, adopt transition rule probability rather than definite state, and has a stronger adaptivity, in forecasting process, can initiatively remove the abnormal data in the historical flow, thereby dope network traffics desired value more accurately.(2) carry out volume forecasting from horizontal time degree respectively,, improved sensitivity and accuracy greatly, have lower rate of failing to report and rate of false alarm the network traffics variation tendency from the abnormal conditions that vertical time degree comes the early warning net flow.

Description of drawings

Fig. 1 is the overview flow chart of self adaptive network traffic prediction and abnormal alarm method.

Fig. 2 is the predicting network flow flow chart.

Fig. 3 is a network abnormal alarm flow chart.

Fig. 4 is SNMP basic principle figure.

Embodiment

In the overview flow chart of Fig. 1, system passes through S1-1, network traffics data acquisition, S1-2, and network traffics storage and processing, S1-3, predicting network flow, S1-4, exception of network traffic warning four-stage step realizes.

Fig. 2 predicting network flow flow process, system predicts to network traffics that from horizontal time degree its step is as follows:

S2-1: coding

The general networking volume forecasting only need be accurate to kbps, such as in a gigabit LAN, then needs 20 string long.Suppose current population flow maximum Max and minimum M in, the corresponding binary coding of flow value x is that then the two relational expression is as follows for b:

$b=\frac{x-\mathrm{Min}}{\mathrm{Max}-\mathrm{Min}}*(2^{20}-1)$

$x=\mathrm{Min}+b*\frac{(\mathrm{Max}-\mathrm{Min})}{2^{20}-1}$

S2-2: flow sample initial population generates

System with current time before 5 * n minute (sample size can be decided according to concrete network condition) historical flow of being gathered be sample, with each data on flows x ₁, x ₂..., x _nConvert corresponding binary representation to, so just obtained initial chromosome group b ₁, b ₂..., b _n

S2-3: ideal adaptation degree value is calculated

The individuality that fitness is big promptly has bigger procreation probability.The ideal adaptation degree depends primarily on two factors: flow value the size and with the current time difference, the structure ideal adaptation degree function model following (building method of fitness function is not unique):

F(x _i)＝ρ(x _i)·t(x _i)

Wherein, we can assumed density function ρ (x _i) and function of time t (x _i) as follows:

ρ(x _i)＝(Max-Min)-|x _i-E(X)|

${t\left(x_i\right)=\mathrm{\&alpha;}}^{\frac{t_{\mathrm{xi}}-t_0}{\mathrm{\&Delta;t}}}(0<\mathrm{\&alpha;}<1)$

α is a time correlation degree coefficient, sets (generally between 0.7～0.9) according to concrete network condition.

S2-4: select reorganization

The selection operation of system adopts wheel commentaries on classics method, thus the chromosome complex that selection makes new advances.

(1) according to the result of calculation of front ideal adaptation degree, all are chromosomal just when sum (pop_size is the population size) to calculate all populations:

$F=\underset{i=1}{\overset{\mathrm{pop}\_\mathrm{size}}{\mathrm{\&Sigma;}}}f\left(x_i\right)$

(2) to each chromosome x _i, calculate and select probability:

$p_{x_i}=\frac{f\left(x_i\right)}{F};i=\mathrm{1,2},...,\mathrm{pop}\_\mathrm{size}$

(3) each chromosome is calculated cumulative probability:

$q_{x_i}=\underset{j=1}{\overset{i}{\mathrm{\&Sigma;}}}{p}_j;i=\mathrm{1,2},...,\mathrm{pop}\_\mathrm{size}$

(4) at [0,1] interval interior equally distributed pseudo random number r that produces, as if r≤q ₁, then select first chromosome x ₁Otherwise, select k chromosome x _k(2≤k≤pop_size) makes q _K-1＜r≤q _kSet up.

(5) the new chromosome population after can obtaining selecting to recombinate behind circulation step 4pop_size time.

S2-5: intersect

Choose and set a crosspoint in the individuality at random, carry out when intersecting, will choose two part-structures of these some front and back of chromosome to exchange respectively, generate two new individualities.The crossing-over rate that supposing the system is set is p _c, embodiment is as follows:

(1) at [0,1] interval interior equally distributed pseudo random number r that produces, if r＜p _cThen select one of parents of intersecting; Otherwise execution in step 3;

(2) if select parents, then produce a random integers pos (1≤pos≤chromosome length) as breakpoint, all positions behind the intersection parents breakpoint generate two new chromosomes.

(3) then do not return 1, circulation pop_size time if do not satisfy end condition.

S2-6: variation

The basic thought of variation is to each complies with the variation Probability p on the chromosome _mCarry out mutation operation: in the two-value gene strand, if this position be 0 then become 1, be 1 and become 0.The specific implementation method is as follows:

Suppose that the variation probability is p _m, the gene of population is counted m and is: population size * chromosome string is long.For making each gene have identical probability to morph, chromosome is arranged in order, and produced equally distributed random number sequence r between [0,1] _k(k=1,2..., m), if r _k≤ p _m, then extrapolate the chromosome number and the item of variation according to address k, mutation operation is carried out in this position.

S2-7: stop judging

So far, just finished an iteration of genetic algorithm.Then do not jump to the S2-3 continuation if do not satisfy end condition, otherwise finish, the value of output fitness the best is as predicted value f _T+1End condition has two, and satisfying any one can stop: the genetic algebra that has arrived default; The genetic prognosis flow value has been tending towards convergence.

Fig. 3 network abnormal alarm flow process, its step is as follows:

S3-1: the flow sample of t days synchronizations before extracting

T days is sample with the historical flow actual value in the identical moment to be predicted (such as the 13:40 period in preceding 30 days) before extracting from the flow information historical record, supposes that sample is y ₁, y ₂..., y _t

S3-2: calculate sample variance and standard deviation

Can obtain the variance s of this sample according to the variance computing formula _tThe computing formula that flow moves sample variance and sample standard deviation is:

$s_t^2=\frac{1}{n-1}\underset{i=0}{\overset{n-1}{\mathrm{\&Sigma;}}}{(y_{t-i}-{\stackrel{\&OverBar;}{y}}_t)}^2$

$s_t=\sqrt{\frac{1}{n-1}\underset{i=0}{\overset{n-1}{\mathrm{\&Sigma;}}}{(y_{t-i}-{\stackrel{\&OverBar;}{y}}_t)}^2}$

Wherein ${\stackrel{\&OverBar;}{y}}_t=E\left(y_t\right)=\frac{1}{n}(y_1+y_2+\&CenterDot;\&CenterDot;\&CenterDot;+y_t)$

S3-3: anomaly analysis

(1) as | f _T+1-y _t|≤s _tThe time: network condition is normal, and the historical relatively flow deviation of next moment predicting network flow value is in allowed band.

(2) work as s _t＜| f _T+1-y _t|≤2s _tThe time: produce elementary early warning, the historical relatively flow of next moment predicting network flow value has less deviation.

(3) work as 2s _t＜| f _T+1-y _t| during≤3st: produce intermediate early warning, the historical relatively flow of next moment predicting network flow value has than large deviation.

(4) work as 3s _t＜| f _T+1-y _t| the time: produce senior early warning, the historical relatively traffic conditions of next moment predicting network flow value has very large deviation.

Fig. 4 SNMP basic principle figure.It is proposed by IETF, along with TCP/IP on coming true consensus standard and extensively be used.SNMP mainly is made up of three parts: manager, agency and MIB.MIB defers to SMI (Structure of Management Information), the information of storage equipment or network operation state.The manager passes through GetRequest, GetNextRequest, and SetRequest, GetResponse, operations such as Trap obtain and are provided with the parameter value of MIB by the agency.

Claims (9)

1. a self adaptive network traffic is predicted and the abnormal alarm method, it is characterized in that, after utilizing genetic algorithm to dope next flow status constantly from horizontal time degree, again from vertical time degree according to every day the historical flow information should be in the period the flow sample, utilize statistical method to judge the abnormal conditions of this flow.

2. according to prediction of the self adaptive network traffic of claim 1 and abnormal alarm method, it is characterized in that the step by network traffics data acquisition, network traffics data processing and storage, predicting network flow, exception of network traffic warning four-stage realizes.

3. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 1 or 2, it is characterized in that the network traffics data acquisition is adopted the GET method of SNMP to gather the mib information of router, thereby obtained the real traffic performance information of network.

4. according to prediction of the self adaptive network traffic of claim 1 or 2 and abnormal alarm method, it is characterized in that network traffics data processing and storage will be converted into flow rate and be stored in the database from the initial data that router collects.

5. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 1 or 2, it is characterized in that predicting network flow adopts genetic algorithm from horizontal time degree network traffics to be predicted.

6. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 1 or 2, it is characterized in that exception of network traffic is reported to the police, and the current network flow performance state is carried out statistical analysis, the network flow value f that utilizes genetic algorithm to dope _T+1After, system adopts method of analysis of variance to carry out the network performance early warning from vertical time degree.

7. according to prediction of the self adaptive network traffic of claim 2 or 5 and abnormal alarm method, it is characterized in that predicting network flow comprises: 1) encoding, is that phenotype with population data is converted into chromosomal genotype and represents; 2) initial population generates, and is sample with the historical flow of being gathered in n before the current time minute, and each individuality is encoded; 3) the ideal adaptation degree calculates, and calculates each chromosomal fitness value in the population; 4) select,, in space encoder, chromosome is carried out hereditary computing, and in solution space, assess and select separating in space encoder and solution space, working of replacing; 5) intersect, the most frequently used some interior extrapolation methods are adopted in interlace operation; 6) variation is to each complies with the variation Probability p on the chromosome _mCarry out mutation operation; 7) stop judging, to 6) finished an iteration of genetic algorithm, then do not jump to 3 if do not satisfy end condition) continue, otherwise finish, the value of output fitness the best is as predicted value f _T+1

8. according to prediction of the self adaptive network traffic of claim 2 or 5 and abnormal alarm method, it is characterized in that, predicting network flow, its concrete steps are as follows: S2-1: encoding, is that phenotype with population data is converted into chromosomal genotype and represents; S2-2: initial population generates, and is sample with the historical flow of being gathered in n before the current time minute, and each individuality is encoded; S2-3: the ideal adaptation degree calculates, and calculates each chromosomal fitness value in the population; S2-4: select, system adopts wheel commentaries on classics method to select, thereby produces new chromosome complex; S2-5: intersect, the most frequently used some interior extrapolation methods are adopted in interlace operation; S2-6: variation, to each carries out mutation operation according to variation Probability p m on the chromosome; S2-7: stop judging, to S2-6, just finished an iteration of genetic algorithm, then do not jump to S2-3 if do not satisfy end condition: continue, otherwise finish, the value of output fitness the best is as predicted value f _T+1

9. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 2 or 6, it is characterized in that exception of network traffic is reported to the police, S3-1: t days is sample with the historical flow actual value in the identical moment to be predicted before extracting from the flow information historical record; S3-2: calculate sample variance and standard deviation; S3-3: The Analysis of Abnormal State: (1) is as | f _T+1-y _t|≤s _tThe time: network condition is normal, and the historical relatively flow deviation of next moment predicting network flow value is in allowed band; (2) work as s _t＜| f _T+1-y _t|≤2s _tThe time: produce elementary early warning, the historical relatively flow of next moment predicting network flow value has less deviation; (3) work as 2s _t＜| f _T+1-y _t|≤3s _tThe time: produce intermediate early warning, the historical relatively flow of next moment predicting network flow value has than large deviation; (4) work as 3s _t＜| f _T+1-y _t| the time: produce senior early warning, the historical relatively traffic conditions of next moment predicting network flow value has very large deviation.

Images