摘要
网络异常检测是网络管理中非常重要的课题,因此已在近年来得到广泛研究。人们在该领域提出了许多先进的网络流量异常检测方法,但是自动准确地对网络流量进行分类和识别来发现网络中的异常流量仍然是一个非常具有挑战性的问题。文中提出了一种基于多维聚类挖掘的异常检测方法,通过两个阶段来实现异常检测。第一阶段先通过多维聚类挖掘算法,自动对网络中的流量进行多维聚类,第二阶段通过计算多维聚类的异常度来实现异常检测。通过文中的方法,网络中的异常流量被自动归类到不同的有意义的聚类中,通过对这些聚类进行分析可以发现网络中的异常行为。最后通过实验对算法进行了验证,结果表明该方法能够有效检测网络中的异常流量。
Network anomaly detection which is a very important issue in network management has been extensively studied in recent years. Although people in the field made a number of advanced works, the accuracy of automatic classification of network traffic to detect and identify abnormal network traffic is still a very challenging problem. It presents a multidimensional clustering based anomaly detection method, by two stages to achieve anomaly detection. The first phase, through multidimensional clastering algorithms, network traffic is au- tomatically mined into different multidimensional clusters. The second phase calculates the degree of multidimensional clusters to achieve anomaly detection. By this method, the abnormal network traffic is automatically classified into different meaningful clusters, and then these clusters can be used to find network anomalies. Finally, this algorithm was validated through experiments, the results show that the method can effectively identify abnormal network traffic.
出处
《计算机技术与发展》
2012年第7期136-139,142,共5页
Computer Technology and Development
基金
江苏省自然科学基金项目(BK2010526)
教育部博士点基金项目(20103223110003)
南京邮电大学引进人才项目(NY209021)
关键词
聚类
异常检测
网络安全
clustering
anomaly detection
network security
