Abstract
In recent years, frequent worm outbreaks and large-scale distributed denial-of-service incidents on the Internet have posed serious threats to the security of network services. This paper presents ESTAB (Early-warning System of Traffic Anomaly Based), an early-warning system for Internet backbone traffic based on anomalous traffic detection. Building on the principles of anomalous traffic discovery on the Internet backbone, it monitors direct variables such as ports, packet length distribution and TCP flags, combines this with time-series analysis methods from statistics, detects traffic anomalies in real time, and raises alerts. The paper also proposes the concept of joint monitoring of multiple events, which counters known traffic threats (such as known worms) effectively from a traffic-monitoring perspective, and provides corresponding monitoring strategies for unknown traffic threats.
Worm, DoS and DDoS attacks take place more and more frequently nowadays, leaving Internet security facing serious threats. This paper introduces the algorithm and design of ESTABD, an Internet backbone Early Bird System of Traffic Anomaly Detection Based. ESTABD analyzes real-time traffic to discover abrupt traffic anomalies and generate warnings. A traffic anomaly detection algorithm based on statistical prediction theory is put forward, and the algorithm has been tested on real network data. Furthermore, an alert correlation algorithm and system policy are addressed in this paper to detect known worms and DoS attacks as well as potentially unknown threats.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2006, No. 2, pp. 92-96 (5 pages)
Computer Science
Funding
National Natural Science Foundation of China project (90204008).