
ODC: a method for online detecting & classifying network-wide traffic anomalies (cited by: 12)
Abstract: A method for detecting and classifying traffic anomalies online and in real time from a network-wide point of view (ODC for short) is put forward. The method incrementally constructs a traffic matrix whose metric is the entropy of traffic features, detects traffic anomalies online using incremental principal component analysis, and then classifies the traffic anomalies online using incremental k-means, so that network operators can take corresponding countermeasures. Theoretical analysis and experimental analysis show that the method has low storage overhead and low computing time complexity, which satisfies the requirements of online real-time processing. Analysis based on both measurement data from Abilene and simulation experiments demonstrates that the method has very good detection and classification performance.
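Source: Journal on Communications (《通信学报》; indexed in EI, CSCD, Peking University Core), 2011, No. 1, pp. 111-120 (10 pages)
Funding: National Natural Science Foundation of China (61070173); National High Technology Research and Development Program of China ("863" Program) (2007AA01Z418); Natural Science Foundation of Jiangsu Province (BK2009058)
Keywords: traffic anomaly; online detection; online classification; incremental PCA; incremental clustering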


