Anomalous Attack Traffic Detection Based on Stratified Sampling Algorithm (cited by: 4)
Abstract: In high-speed Internet applications, massive volumes of data cannot be inspected and analyzed packet by packet, and anomalous attack traffic is hard to identify. To address this problem, the classic Poisson Pareto Burst Process (PPBP) traffic model is used to analyze the self-similarity of network traffic. Network traffic is divided into long flows and short flows, and stratified sampling is performed according to the sampling-ratio increment based on flow arrival time, which makes detection of anomalous attack traffic possible. The method is evaluated in simulation experiments on Snort, an anomaly intrusion detection system based on packet-level detection. The results show that it effectively narrows the range of anomalous attack data and detects attacks quickly and accurately.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2012, No. 12, pp. 105-109 (5 pages)
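Funding: National "863" Program funded project "Research and Industrial Application of Key Technologies for Large-Scale Access Aggregation Routers for Converged Networks" (2011BAH19B00)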
Keywords: anomalous traffic; traffic sampling technology; Poisson Pareto Burst Process (PPBP); sandwich sampling; stratified sampling; anomalous attack detection