摘要
异常流量在目的地址与出现时间上的分布均与正常流量有很大区别。文中对校园网的出口流量进行分析实验,将其NetFlow记录按校外IP地址的前16位聚类,得到的部分网段在出入流量中的出现频度有明显特点。分析2种典型网段,研究由此发现校园网内的异常流量源的方法,并对2种异常流量源的区别进行了分析。此方法与常用的异常检测方法相比,所需处理的数据量大为减少,大大提高了检测效率。
Abnormal traffic appears very different from normal traffic on the distribution of both destination IP address and time.This paper clusters the Netflow records of the traffic via the campus network based on the higher 16 bits of the outer IP address,finding that some clusters appear unusual on frequency of the emergence.This paper analyzes two kinds of typical cluster,proposes a method to detect anomaly sources insides the campus network using the clusters,and finds the differences of two kinds of anomaly s...
出处
《中国海洋大学学报(自然科学版)》
CAS
CSCD
北大核心
2008年第S1期187-190,共4页
Periodical of Ocean University of China
