摘要
在分析影响服务可用性网络攻击导致网络流量异常改变的基础上,提出了一种主机网络实时流量的安全状况评估方法.首先,在固定时间窗口内选择一组能够体现网络流量统计特征的统计量作为评估测度,在大样本的基础上运用信息增益方法确定不同测度对评估结果影响的重要性.其次,采用层次加权方法,并将评估结果作为归一化异常度值,对主机网络的实时流量进行评估.实验结果表明,这种方法能够对蠕虫、DDoS、DoS攻击引发的异常流量进行合理评估,并且对引起网络流量异常改变的新攻击有良好的评估效果.
After analyzing malicious attacks against network that affect the service availability and would lead to the abnormal change of the network traffic, a method to evaluate the security situation of real-time traffic of hosts is presented. A group of statistic that can reflect the network traffic features in a fixed time window are selected as the evaluation metrics. Based on the large samples, the information entropy gain method is applied to determine the importance of evaluation results for different metrics. Then, using hierarchical weighted method, the evaluation re suits are regarded as the normalized abnormality value to evaluate the real time traffic of host networks. Experiments and testing show that this method can reasonably evaluate the host network abnormal flows caused by the DDoS, DoS worm and other attacks, and has good evaluation re suits for new attacks that cause abnormal change of network traffic.
出处
《西安交通大学学报》
EI
CAS
CSCD
北大核心
2006年第4期415-419,共5页
Journal of Xi'an Jiaotong University
基金
国家杰出青年基金资助项目(6970025)
国家自然科学基金资助项目(60243001)
国家高技术研究发展计划资助项目(2001AA140213)
关键词
安全评估
网络攻击
主机实时流量
security evaluation
network attack
host real-time traffic
