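Abstract
Existing anomaly detection methods such as residual comparison can detect anomalies only during the abrupt-change phase, and their detection rate is low. Taking into account all the features contained in network traffic, local projection denoising is applied separately to the traffic metrics of multiple protocols in the network, decomposing each traffic series into a traffic trend part and a noise traffic part. A detection model is built with support vector data description (SVDD) using these two parts as parameters, and the model's generalization is improved by fuzzifying the samples. Experiments show that the method is suited to detecting traffic anomalies caused by denial-of-service attacks, and that, compared with the traditional threshold comparison method, it achieves a higher anomaly detection rate and a lower false alarm rate.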
Existing network traffic anomaly detection methods such as residual detection can detect anomalies only at the moment of abrupt change, so their detection rate is low. This paper denoises the traffic of multiple network protocols with the local projection method, decomposing the traffic into a trend part and a noise part and considering both in detection. It establishes the detection model with SVDD and introduces fuzzy logic to enhance the model's generalization. Experiments on DoS attack detection show that the proposed method detects the anomalies well. Compared with traditional methods, it achieves a higher detection rate and a lower false alarm rate.
Source
《计算机应用研究》
CSCD
Peking University Core Journal
2013, No. 5, pp. 1523-1526 (4 pages)
Application Research of Computers
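Funding
National Natural Science Foundation of China (61003252)
PLA Military Science Graduate Research Project (2011JY002-524)
Air Force Engineering University Innovation Fund (201105)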