
Novel Traffic Sampling Method for Anomaly Detection

Cited by: 6
Abstract: To reduce the impact of sampled traffic on network anomaly detection, a novel traffic sampling method with variable sampling rates is proposed. Using a hash pattern matching algorithm, incoming packets are classified by flow ID and each packet's position within its flow is recorded. The sampling probability of each packet is then set according to a decreasing function of its position order in the flow it belongs to. Experimental results show that the method increases the sampling probability of packets in short flows and resolves the problem of network anomalies being discarded because random packet sampling is biased towards long flows, thereby improving the accuracy of anomaly detection.
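Source: Journal of Xi'an Jiaotong University (indexed in EI, CAS, CSCD, Peking University Core), 2008, No. 2, pp. 175-178, 4 pages in total.
Funding: National Natural Science Foundation of China (60572147, 60132030); Shaanxi Province Science and Technology Research Project (2006K04-G33).
Keywords: network traffic; variable sampling; random packet; anomaly detection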