期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

利用互信息进行网络异常检测的熵特征优选 被引量:1

Entropy Feature Selection of Network Anomaly Detection by Using Mutual Information
下载PDF
导出
摘要 首先讨论了传统流量统计分析的缺点,指出熵分析能够反映更多潜在的信息,发现传统流量统计分析不能发现的网络异常。其次,讨论了流量熵和计数熵的不同,指出两者应该配合使用,不能如现有研究中一样片面地使用其中一种。最后,用互信息法分析了两种熵的常用特征,实验发现两者分别呈现冗余状态,在剔除冗余之后检测的效率有明显提高,且不失检测准确率。 Firstly, the shortcomings of traditional statistical analysis using network flow data are discussed, and it is pointed out that the entropy analysis can reflect more potential information to find out more network anomaly that can not be found by the traditional statistical analysis. Secondly, the difference between the flow entropy and count entropy is discussed and it is proposed that they should be used cooperatively and that using one of them just as existing studies is not recommended. Finally, features of the two kinds of entropy are studied bymu- tual information analysis. The simulations show that there is redundant in them. After redundant features are e- liminated, the detection efficiency is increased significantly while the detection accuracy is maintained.
作者 易胜蓝
机构地区 中国西南电子技术研究所
出处 《电讯技术》 北大核心 2012年第6期1018-1021,共4页 Telecommunication Engineering
关键词 网络异常检测 网络流量 互信息 熵特征优选 network anomaly detection network traffic mutual information entropy feature selection
分类号 TN915 [电子电信—通信与信息系统] TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献5

  • 1Nychis G,Sekar V,Andersen D G. An Empirical Evaluation of Entropy-based Traffic Anomaly Detection[A].New York,USA:ACM,2008.151-156.
  • 2Lall A,Sekar V,Ogihara M. Data streaming algorithms for estimating entropy of network traffic[J].ACM Sigmetrics Performnce Evaluation Review,2006,(01):145-156.doi:10.2105/AJPH.2009.176651.
  • 3Wagner A,Plattner B. Entropy Based Worm and Anomaly Detection in Fast IP Networks[A].Washington,DC,USA:IEEE,2005.145-156.
  • 4王海龙,杨岳湘.基于信息熵的大规模网络流量异常检测[J].计算机工程,2007,33(18):130-133. 被引量:14
  • 5王娟,靳京,钱伟中,秦志光.基于小波分解的群落流量异常检测[J].电子测量与仪器学报,2010,24(4):365-370. 被引量:5

二级参考文献21

  • 1刘建香.复杂网络及其在国内研究进展的综述[J].系统科学学报,2009,17(4):31-37. 被引量:72
  • 2林青家,陈涤,刘允才.网络流量的小尺度特性分析[J].电子测量与仪器学报,2007,21(3):92-97. 被引量:7
  • 3BARFORD P,KLINE J,PLONKA D,et al.A signal analysis of network traffic anomalies[C].Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment,Marseille,France,2002,71-82.
  • 4LAKHINA A,CROVELLA M,DIOT C.Mining anomalies using traffic feature distributions[J].SIGCOMM Comput Commun Rev,2005,35(4):217-228.
  • 5NYCHIS G,SEKAR V,ANDERSEN D G,et al.An empirical evaluation of entropy-based traffic anomaly detection[C].Proceedings of the 8th ACM SIGCOMM conference on Internet measurement,Vouliagmeni,Greece,2008,151-156.
  • 6XIN L,FANG N,CROVELLA M,et al.Detection and identification of network anomalies using sketch subspaces[C].Proceedings of the 6th ACM SIGCOMM conference on Internet measurement.Rio de Janeriro,2006:147-152.
  • 7LIN L Z,MIN H G,MIAO Y X,et al.Detecting distributed network traffic anomaly with network-wide correlation analysis[J].EURASIP Journal on Advances in Signal Processing,2009,2009:11 pages.
  • 8NEWMAN M E.The structure and function of complex networks[J].Siam Review,2003,45(2):167-256.
  • 9LU W,CHORBANI A A.Network anomaly detection based on wavelet analysis[J].EURASIP Journal on Advances in Signal Processing,2009:16.
  • 10Lakhina A,Crovella M,Diot C.Diagnosing Network-wide Traffic Anomalies[C]//Proc.of ACM SIGCOMM'04,Portland.2004.

共引文献17

同被引文献12

引证文献1

二级引证文献8

电讯技术
2012年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部