期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

骨干通信网多流多特征流量异常检测 被引量:2

Traffic anomaly detection using multi-flows and multi-parameters in backbone network
下载PDF
导出
摘要 异常流量的隐蔽性和异常检测的实时性是骨干通信网流量异常检测面临的两大难题,为此提出一种多流多特征的流量异常检测方法:将网络业务量细分为多个与网络异常密切相关的子流,在各子流中分别提取多种流量特征参数与数据包特征参数等中粒度信息,对多流多特征参数同时进行异常检测。Internet2的实际数据检测结果表明,该方法能够快速准确检测出骨干网络的洪泛攻击和端口扫描等异常流量,检测结果与离线精细检测结果大致相当。 Anomaly detection in backbone network faces two problems:anomaly traffic is relatively small and real-time detection is difficult to implement.Aiming at these two difficulties,this paper proposed a detection method of traffic anomaly based on multi-flows and multi-parameters.Our method classified network traffic into several sub-flows which are closely related to network anomaly,extracted a variety of traffic features and packets features,and then detected traffic anomaly through multi-flows and multi-parameters.The detection results in Internet2's real data show that the proposed method can effectively detect flood attacks and port scans,these results almost equal to the results of the offline analysis.
作者 冯震 胡光岷 姚兴苗 周颖杰
机构地区 电子科技大学宽带光纤传输与通信网技术教育部重点实验室
出处 《微计算机信息》 2010年第24期99-101,共3页 Control & Automation
基金 基金申请人:胡光岷 项目名称:大规模通信网络异常行为特征分析与提取关键技术研究 基金颁发部门:国家自然科学基金委(60872033)
关键词 骨干通信网络 多流多特征 流量 异常检测 backbone network multi-flows and multi-parameters traffic anomaly detection
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1李闰平,李斌,王垚.基于相似度的异常检测方法[J].微计算机信息,2008,24(12):166-167. 被引量:1
  • 2BARFORD P, KLINE J,PLONKA D. A signal analysis of network traffic a nomalies [C]// Proceedings of ACM SIGCOMM Internet Measurement Workshop. Marseilles,France,2002:71-82.
  • 3LAKHINA A,CROVELLA M,CHRISTOPHES D. Char- acterization of Network-Wide Anomalies //Proceedings of the 4th ACM SIGCOMM conference on Internet measurement. Taormina,Sicily, Italy. 2004:201-206.
  • 4CHENG C M, KUNG H T, TAN K S. Use of Spectral Analysis in Defense Against DoS Attacks [C]//Global Telecommunications Conference. [S.1.]: IEEE Press, 2002: 2143-2148.
  • 5SAVAGE S,WETHERALL D,KARLIN A,et al.Practical Network Support for IP Traceback[C]//Proceedi-ngs of the 2000 ACM SIGCOMM Conference ,Sto-ckholm,Sweden,2000:295-306.
  • 6BAKOS G, BERK V. Early detection of Internet worm activity by metering ICMP destination unreachable activity[C]//Proceedings of the SPIE conference on Sensors, and Command, Control, Communications and Intelligence. Orlando, FL, 2002:.
  • 7JUAN M E,PEDRO G,JESUS E D. Anomaly detection methods in wired networks: a survey and taxonomy[J]. Computer Communications, 2004, 27(16):1569-1584.
  • 8郑军,胡铭曾,云晓春,郑仲.基于数据流方法的大规模网络异常发现[J].通信学报,2006,27(2):1-8. 被引量:17
  • 9杨岳湘,王海龙,卢锡城.基于信息熵的大规模网络流量异常分类[J].计算机工程与科学,2007,29(2):40-43. 被引量:6
  • 10[EB/OL].http//www.intemet2.edu/network/.

二级参考文献22

  • 1王峰,宋书民,陈喆,矫新华.基于危险模式的异常检测模型[J].微计算机信息,2006,22(08X):81-83. 被引量:2
  • 2[5]Marina Thottan,Chuanyi ji.Anomaly Detection in IP Networks.IEEE TRANSACTI0NS ON SIGNAL PROCESSING,VOL.51.NO.8,AUGUST 2003
  • 3[6]Denis Zuev,Andrew W Moore.Traffic Classification using a Statistical Approach.University of Oxford,
  • 4JUAN M E,PEDRO G,JESUS E D.Anomaly detection methods in wired networks:a survey and taxonomy[J].Computer Communications,2004,27(16):1569-1584.
  • 5YE N,SEAN V,CHEN Q.Computer intrusion detection through EWMA for autocorrelated and uncorrelated data[J].IEEE Transactions on Reliability,2003,52(1):75-82.
  • 6WANG H,ZHANG D,KANG S.Detecting SYN flooding attacks[A].Proceedings of the IEEE Infocom[C].New York,2002.123-132.
  • 7JIN C,WILLIAM S C,DONG L.The effect of statistical multiplexing on the long-range dependence of Internet packet traffic[EB/OL].http://cm.bell-labs.com/stat/doc/multiplex.pdf,2001.
  • 8HUANG P,FELDMANN A,WILLINGER W.A non-intrusive,wavelet-based approach to detecting network performance problems[A].Proceedings of ACM SIGCOMM Internet Measurement Workshop 2001[C].San Francisco Bay Area,2001.
  • 9BARFORD P,KLINE J,PLONKA D.A signal analysis of network traffic anomalies[A].Proceedings of ACM SIGCOMM Intemet Measurement Workshop[C].Marseilles,France,2002.71-82.
  • 10ALARCON V,BARRIA J A.Anomaly detection in communication networks using wavelets[J].IEE Proceedings Communications,2001,148(6):62-355.

共引文献21

同被引文献17

引证文献2

二级引证文献2

微计算机信息
2010年 第24期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部