Abstract
For large-scale network traffic anomaly detection, the number and volume of packets are so large that traditional deep packet inspection cannot discover attacks in the network online and in real time, especially new, unknown anomalous traffic. This paper analyzes IPFIX flow logs, extracts attributes from the IPFIX flows, and proposes an improved K-means algorithm for analyzing unknown anomalous traffic in large-scale, high-speed networks. The resulting clusters are analyzed to identify new types of anomalous traffic in the network, and, based on the degree of intra-cluster aggregation, the anomalous IPs found within a cluster are investigated to determine the attack source.
For large-scale network traffic anomaly detection, the number of data packets and the overall scale are too large for traditional packet inspection technology to detect network attacks in real time; unknown abnormal traffic behavior is even harder to detect. This paper uses the analysis of IPFIX. After extracting the flow attributes, it uses an improved K-means algorithm to analyze abnormal flows in a massive network. Abnormal traffic will be presented in the abnormal cluster together with the value of its polymerization degree. As the abnormal cluster's polymerization degree is much higher than the normal clusters', the attack source can be found within that cluster.
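A reduced version of the pipeline the abstract describes, added here as an illustration and not code from the paper: attributes are extracted from constructed IPFIX-style flow records, a plain K-means (standing in for the paper's unspecified improvement) clusters them, and the cluster with the highest polymerization degree (assumed here to be the inverse of the mean member-to-centroid distance) has its source IPs ranked by flow count.

```python
# Added illustration, not the paper's code. Assumptions: plain K-means with farthest-point
# seeding replaces the improved K-means; degree = 1/(1 + mean member-to-centroid distance).
import math
from collections import Counter
# Constructed IPFIX-style records: (src, dst, dst_port, packets, bytes, duration_s)
FLOWS = [
    ("10.0.0.5", "10.0.1.1", 443, 40, 52000, 12.0),
    ("10.0.0.6", "10.0.1.2", 80, 25, 31000, 6.5),
    ("10.0.0.7", "10.0.1.1", 22, 120, 98000, 300.0),
    ("10.0.0.9", "10.0.1.2", 443, 60, 70000, 20.0),
    ("10.0.0.8", "10.0.1.3", 25, 30, 12000, 4.0),
] + [("192.0.2.99", "10.0.1.%d" % h, p, 1, 40, 0.0)  # single-packet probe flows
     for h in (1, 2, 3) for p in (21, 22, 23, 25, 80, 443)]

def attributes(flow):
    """Per-flow attributes on a log scale: packets, bytes per packet, duration."""
    _, _, _, pkts, byts, dur = flow
    return (math.log(pkts), math.log(byts / pkts), math.log1p(dur))
def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
def kmeans(points, k, rounds=50):
    """Lloyd's K-means, seeded with the first point and then the farthest points."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(dist(p, c) for c in cents)))
    for _ in range(rounds):
        labels = [min(range(k), key=lambda i: dist(p, cents[i])) for p in points]
        new = []
        for i in range(k):  # an empty cluster keeps its old centroid
            members = [p for p, l in zip(points, labels) if l == i] or [cents[i]]
            new.append(tuple(sum(col) / len(members) for col in zip(*members)))
        if new == cents:
            break
        cents = new
    return labels, cents
def polymerization(points, labels, cents):
    """Per-cluster degree: 1 / (1 + mean distance of members to the centroid)."""
    degs = []
    for i, c in enumerate(cents):
        d = [dist(p, c) for p, l in zip(points, labels) if l == i]
        degs.append(1 / (1 + sum(d) / len(d)) if d else 0.0)
    return degs
def suspicious_sources(flows, k=2):
    """All cluster degrees, plus source IPs of the tightest cluster by flow count."""
    pts = [attributes(f) for f in flows]
    labels, cents = kmeans(pts, k)
    degs = polymerization(pts, labels, cents)
    tight = degs.index(max(degs))
    return degs, Counter(f[0] for f, l in zip(flows, labels) if l == tight).most_common()
```

Short legitimate flows (a single DNS query, for instance) fall into the same tight cluster as probe flows, which is why ranking the IPs inside the flagged cluster, rather than treating membership as a verdict, matters in practice.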
Source
Journal of Tianjin University of Technology (天津理工大学学报)
2015, Issue 3, pp. 1-5, 11 (6 pages in total)
Funding
National Natural Science Foundation of China (61272450)
Tianjin Science and Technology Plan Project (14ZCZDGX00072)
Tianjin Internet of Things Intelligent Information Processing Innovation Team Construction Project (TD12-5016)