Network traffic anomaly detection based on support vector machine (cited by: 6)
Abstract: A network traffic anomaly detection method based on support vector machines (SVM) is presented. The basic principles of SVM are analysed and, in light of the characteristics of network traffic anomaly detection, the problem of feature selection for anomaly detection is discussed. Robust feature parameters are proposed, including the symmetry of network traffic, the symmetry of TCP SYN and SYN/ACK packets, and protocol distribution, and the data preprocessing method is described. Test results show that the selected feature parameters can effectively detect abnormal traffic changes caused by network attacks, indicating that the SVM-based detection method has good generalization capability.
Source: Journal of Northwest Normal University (Natural Science), CAS, 2005, Issue 3, pp. 27-31 (5 pages)
Keywords: anomaly detection; intrusion detection; support vector machine; port scan; network security
