Network traffic anomaly detection method based on cascade model (cited by: 1)
Abstract: Network traffic anomaly detection requires an accurate model of normal traffic behavior, with anomalies judged by how far the observed traffic deviates from that model. Among existing traffic models, the self-similar model and the multifractal model are inherently unable to capture the characteristics of traffic data across all time scales. This paper proposes a novel anomaly detection method based on cascade model analysis, which uses a cascade model to describe traffic characteristics over the whole range of time scales more accurately. The cascade model of the traffic is estimated through the wavelet transform modulus maxima, the influence of anomalous traffic on that estimate is studied, and a statistical cumulative deviation is defined to detect abnormal behavior. The simulation results show that this method is more sensitive to small anomalous traffic than detection methods based on Hurst (H) parameter analysis: it detects weak anomalies that the self-similar Hurst coefficient approach cannot, and it accurately detects anomalous flows that do not cause the Hurst parameter to change evidently. It is therefore suited to early-stage detection of anomalous traffic.
Source: Application Research of Computers (《计算机应用研究》), CSCD, PKU Core (北大核心), 2008, No. 9, pp. 2839-2841, 2844 (4 pages)
Funding: Sichuan Province Youth Science and Technology Fund project (04ZQ026-028)
Keywords: anomaly detection; cascade model; wavelet transform modulus maxima (WTMM)