The development of new technologies such as the Internet of Things and cloud computing tests the transmission capabilities of communication networks. With the widespread application of multiple wireless access technologies, it has become popular for modern communication devices to be equipped with multiple network access interfaces. The increasing of various network attacks significantly reduces the robustness of multipath TCP (MPTCP) transport systems. To address this problem, this paper proposes a network traffic anomaly detection model based on MPTCP networks, called MPTCP-EMD. The model combines multi-scale detection and digital signal processing theory to implement anomaly detection based on the self-similarity of MPTCP network traffic. It uses the empirical modal decomposition (EMD) method to decompose MPTCP traffic data and reconstruct the valid signal by removing high-frequency noise and residual trend term. Using the idea of sliding windows, the model then compares the changes in the Hurst exponent of the MPTCP network under different attack conditions to determine whether anomalies have occurred. The simulation results show that the EMD method can be used for anomaly detection of MPTCP network traffic. The Hurst exponent of the attacked MPTCP network significantly exceeds the range of the unattacked network, and exhibits significant jitter.

物联网、云计算等新技术的发展考验着通信网络的传输能力。随着多种无线接入技术的广泛应用，现代通信设备配备多种网络接入接口已成为普遍现象。各种网络攻击的增加显着降低了多路径 TCP (MPTCP) 传输系统的鲁棒性。针对这一问题，本文提出了一种基于MPTCP网络的网络流量异常检测模型，称为MPTCP-EMD。该模型结合多尺度检测和数字信号处理理论，实现基于MPTCP网络流量自相似性的异常检测。它使用经验模态分解（EMD）方法对MPTCP流量数据进行分解，通过去除高频噪声和残余趋势项来重构有效信号。模型利用滑动窗口的思想，比较MPTCP网络在不同攻击条件下Hurst指数的变化，判断是否出现异常。仿真结果表明，EMD方法可用于MPTCP网络流量的异常检测。受攻击的 MPTCP 网络的 Hurst 指数明显超出未受攻击网络的范围，并表现出明显的抖动。然后模型比较MPTCP网络在不同攻击条件下Hurst指数的变化，判断是否出现异常。仿真结果表明，EMD方法可用于MPTCP网络流量的异常检测。受攻击的 MPTCP 网络的 Hurst 指数明显超出未受攻击网络的范围，并表现出明显的抖动。然后模型比较MPTCP网络在不同攻击条件下Hurst指数的变化，判断是否出现异常。仿真结果表明，EMD方法可用于MPTCP网络流量的异常检测。受攻击的 MPTCP 网络的 Hurst 指数明显超出未受攻击网络的范围，并表现出明显的抖动。