
Research on anomaly detection in backbone networks based on the Filter-ary-Sketch data structure (cited by: 4)

Anomaly detection in backbone networks using Filter-ary-Sketch
Abstract: To meet the particular requirements of anomaly detection on backbone networks, this paper proposes an anomaly detection method based on a summary data structure called Filter-ary-Sketch. The method records network traffic in the Filter-ary-Sketch online and, at fixed intervals, runs anomaly detection based on multi-dimensional entropy. When an anomaly is detected, the anomaly point is located from the traffic information recorded in the Filter-ary-Sketch, and the malicious traffic is then blocked using the source IP addresses recorded in the Bloom filter. The method detects a variety of network attacks and, in particular, can block the malicious traffic responsible for them. Comparative experiments on real backbone traffic, evaluating both efficiency and accuracy, show that the method detects anomalies in backbone traffic with small computing and memory resources and blocks the IP flows responsible for the anomaly.
Source: Journal on Communications (《通信学报》; indexed in EI and CSCD; Peking University core journal), 2011, No. 12, pp. 151-160 (10 pages)
Funding: National High Technology Research and Development Program of China ("863" Program) project 2011AA010702
Keywords: network security; anomaly detection; summary data structure (sketch); entropy
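The abstract describes a four-stage pipeline (record traffic in a sketch, check multi-dimensional entropy every period, locate the anomaly point in the sketch, block sources recorded in the Bloom filter) but gives no code. The block below is an added example written for this page, not the paper's implementation: it uses an ordinary count-min sketch per traffic dimension whose buckets each carry a Bloom filter of source IPs as a stand-in for the Filter-ary-Sketch (whose exact layout the abstract does not specify), a z-score band over per-period entropy as the detector, the heaviest bucket per row as the anomaly point, and a forwarding-path check that drops packets whose key hashes to those buckets and whose source is in the buckets' filters. Every name, size, threshold and the constructed traffic mix is an assumption made for the demo.

```python
# Added illustrative example, not the paper's code; sizes, thresholds and the
# traffic mix below are assumptions made for the demo.
import hashlib, math, random, statistics


def _h(seed, key, width):
    """Hash family indexed by seed (sketch row or Bloom probe), reduced mod width."""
    d = hashlib.blake2b(f"{seed}:{key}".encode(), digest_size=8).digest()
    return int.from_bytes(d, "big") % width


class BloomFilter:
    def __init__(self, m=256, k=3):
        self.m, self.k, self.bits = m, k, bytearray(m)

    def add(self, key):
        for i in range(self.k):
            self.bits[_h(i, key, self.m)] = 1

    def __contains__(self, key):  # false positives possible, false negatives not
        return all(self.bits[_h(i, key, self.m)] for i in range(self.k))


class FilterSketch:
    """Count-min sketch over one traffic dimension; every bucket also keeps a
    Bloom filter of the source IPs that updated it (no full flow records kept)."""

    def __init__(self, depth=3, width=64):
        self.depth, self.width = depth, width
        self.counts = [[0] * width for _ in range(depth)]
        self.srcs = [[BloomFilter() for _ in range(width)] for _ in range(depth)]

    def update(self, src, key):
        for r in range(self.depth):
            b = _h(r, key, self.width)
            self.counts[r][b] += 1
            self.srcs[r][b].add(src)

    def entropy(self, r=0):
        """Entropy (bits) of row r's bucket counts, a cheap proxy for key entropy."""
        total = sum(self.counts[r])
        return -sum(c / total * math.log2(c / total) for c in self.counts[r] if c)

    def hot_buckets(self):  # heaviest bucket per row: the anomaly point in sketch space
        return tuple(max(range(self.width), key=row.__getitem__) for row in self.counts)

    def matches(self, src, key, buckets):
        """True if key hashes to `buckets` in every row and src was seen there."""
        return all(_h(r, key, self.width) == buckets[r] and src in self.srcs[r][buckets[r]]
                   for r in range(self.depth))


class EntropyDetector:
    DIMS = ("src", "dst", "dport")

    def __init__(self, warmup=5, z_limit=3.0, min_sd=0.1):
        self.warmup, self.z_limit, self.min_sd = warmup, z_limit, min_sd
        self.history = {d: [] for d in self.DIMS}  # entropy of clean periods per dimension
        self.rules = []                             # (dim, sketch, hot buckets) blocking rules
        self.sketches = {d: FilterSketch() for d in self.DIMS}

    def record(self, src, dst, dport):
        """Forwarding-path hook: drop if a blocking rule matches, else update sketches."""
        keys = {"src": src, "dst": dst, "dport": dport}
        if any(sk.matches(src, keys[dim], b) for dim, sk, b in self.rules):
            return False
        for dim, key in keys.items():
            self.sketches[dim].update(src, key)
        return True

    def end_period(self):
        """Flag dimensions whose entropy left the baseline band, localise on the
        most deviant one, then start a fresh sketch window."""
        anomalies, zs = [], {}
        for dim, sk in self.sketches.items():
            h, hist = sk.entropy(), self.history[dim]
            if len(hist) >= self.warmup:
                sd = max(statistics.pstdev(hist), self.min_sd)
                zs[dim] = abs(h - statistics.mean(hist)) / sd
                if zs[dim] > self.z_limit:
                    anomalies.append(dim)
            if dim not in anomalies:
                hist.append(h)  # baseline is built from clean periods only
        if anomalies:
            dim = max(anomalies, key=zs.get)
            self.rules.append((dim, self.sketches[dim], self.sketches[dim].hot_buckets()))
        self.sketches = {d: FilterSketch() for d in self.DIMS}
        return anomalies


def simulate(seed=1):
    """Constructed traffic: six clean periods, one period with a flood from 20 bots
    to a single victim on port 80, then a second burst against the installed rule."""
    rng = random.Random(seed)
    users = [f"192.0.2.{i}" for i in range(1, 51)]
    servers = [f"198.51.100.{i}" for i in range(1, 41)]
    ports, victim = (22, 53, 80, 443, 8080), "198.51.100.9"
    bots = [f"203.0.113.{i}" for i in range(1, 21)]
    det, clean_results = EntropyDetector(), []
    for period in range(det.warmup + 2):
        for _ in range(200):
            det.record(rng.choice(users), rng.choice(servers), rng.choice(ports))
        if period == det.warmup + 1:  # last period: flood on top of the normal load
            for i in range(150):
                det.record(bots[i % len(bots)], victim, 80)
            anomalies = det.end_period()
        else:
            clean_results.append(det.end_period())
    dropped = sum(not det.record(b, victim, 80) for b in bots)
    passed = sum(det.record(u, servers[0], 443) for u in users[:10])
    return clean_results, anomalies, dropped, passed
```

Two caveats a practitioner would want to keep in mind when reading this against the abstract. First, the blocking rule is keyed on sketch buckets, not on a recovered destination address: the example never reverses the hash, so any legitimate source that happened to talk to the victim during the anomalous period, plus Bloom-filter false positives, is blocked as well; a deployment needs either reverse hashing or a candidate list to name the victim, and an expiry on rules. Second, the entropy of bucket counts is only a proxy for the entropy of the underlying keys (hash collisions can only lower it), so the baseline must be learned on the same sketch geometry that is used at detection time.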