摘要
主机的异常行为复杂多样,产生异常的原因有很多,但主机的异常行为往往体现在主机对CPU、内存、带宽等资源的使用状况上。基于此,该文提出主机资源可用性的概念,并围绕主机资源可用性建立了主机异常检测的新方法。首先,选择一组能够体现主机资源使用状况的指标,建立主机资源可用性测度指标体系,再通过实验分析,建立正常状况下主机资源可用性的轮廓特征,最后根据主机资源可用性的特殊性,利用双阈值异常检测算法检测主机的异常。经过实际测试,该方法具有很好的异常检测效果。
Abnormal behaviors of hosts are complicated and diversified caused by many factors. However, they are often incarnated by the usage of resouces such as CPU, memory, bandwidth, etc. In this paper, a novel method for anomaly detection based on Host Resource Availability (HRA) is presented. Firstly, an index system is established to describe the usage of host resource. Secondly, a normal profile of HRA is extracted by experiment. Finally, an algorithm called Double-Threshold Anomaly Detection Algorithm (DTADA ) is put forward according to the particularity of HRA. Application testing shows that our method has a satisfied result.
出处
《电子科技大学学报》
EI
CAS
CSCD
北大核心
2007年第S3期1449-1452,共4页
Journal of University of Electronic Science and Technology of China
基金
国家自然科学基金重点项目(60633020)
国家242信息安全计划(2006C26)
关键词
异常检测
双阈值
主机
资源可用性
anomaly detection
double threshold
host
resource availability
