基于网络流量的实时入侵检测

Real-time Intrusion Detection System Based on Network Traffic

实时异常检测是目前网络安全的研究热点,基于大规模网络流量的统计特征,提出了一个基于统计的流量异常检测模型。根据网络流量的测度集,描绘了一个正常网络流量的基线。参照该正常流量基线,使用假设检验理论进行异常检测。采用一个基于滑动窗口的流量更新策略和感应阈控制模型,使异常检测能够更加高效。

Real-time anomaly detection is a focus of network security research in recent years. Based on statistical characters of traffic in a large-scale network,this paper proposes a traffic anomaly detection model based on statistics. According to the measurable aggregate of network traffic,a normal traffic baseline is established. In the light of the normal network baseline,the theory of hypothesis test is used to carry out the anomaly detection. In order to make the anomaly detection more efficient,the traffic update policy based on glide window and the sense valve technology are adopted in the model.