
Feature perception adaptive flow sampling method based on NetFlow (cited by: 2)
Abstract: Sampling is the main data-collection method in network anomaly detection. However, the duration of network flows, the size of packets, and the frequency of anomalous traffic change constantly, which has many negative effects on sampling accuracy. To address this, the paper proposes a feature perception adaptive sampling technique that automatically adjusts the sampling rate as traffic characteristics change. It compares this technique with random sampling and selective sampling, and studies how well each technique retains network features in a network behavior analysis system. The experimental results show that the method is clearly superior to the others both in retaining network features and in the quality assessment of anomaly detection.
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, 2014, No. 24, pp. 104-108, 186 (6 pages)
Funding: Natural Science Foundation of Jiangsu Normal University (No. 10XLB20)
Keywords: anomaly detection; sampling technology; feature perception; NetFlow protocol; sampling model; sampling algorithm