摘要
通过研究网络流动态特征,基于路由变化、流变化和包延迟,以及IP报文头信息(例如TTL、源/目的地址、报文长度和路由器时间戳)建立网络行为模型,通过高性能测量和在线分析网络流和路由信息对初始网络异常产生实时报警,实现了IP forwarding网络异常的有效检测和识别。定义了网络行为模型的五种功能模块,通过关联空间和时间状态信息检测识别网络异常为大范围监测网络提供强大支持。
A simple, robust method was proposed that integrated routing and traffic data streams to reliably detect forwarding anomalies. High resolution measurements and on-line analysis of network traffic and routing were used to provide real-time alarms in the incipient phase of network anomalies. The anomalies identification method based on behavior model used path changes, flow shift and packet delay variance and relied extensively on IP packet header information, such a~ TI'L, source/destination address, packet length, and routcr's timestamps. The overall method is scalable, automatic and selftraining, and effectively identifies forwarding anomalies, while avoiding the high false alarms rate.
出处
《计算机应用》
CSCD
北大核心
2006年第3期564-566,共3页
journal of Computer Applications
基金
国家自然科学基金资助项目(60273070
60473031)
