摘要
随着因特网规模的不断扩大和复杂化,各种异常行为频繁发生.有效地检测出网络中的流量异常行为,对于保证网络正常运行具有很重要的意义.文章提出了一种根据非饱和链路中的流特性的网络流量异常检测算法.该算法综合利用了指数加权移动平均(exponentially weighted moving average,EWMA)预测模型检测突变异常和均衡模型(equilibrium model,EQM)检测相关性流异常的能力,对链路流量进行建模,检测链路中流量异常.实验结果分析表明:对比于其他检测算法,文章提出的方法能够有效地检测多类异常,并具有很好的检测效果.
As the expanding and increasing of the complexity of the internet, a variety of anomalies occur in the network. Effectively detecting the abnormal traffic behaviors is very important to guarantee the reliable operation of the network. In this paper, we propose an anomaly detection method based on traffic flow feature in a non-saturated link. To model and detect the anomalies of the network link traffic, this method utilizes the ability of EWMA forecasting model to detect the burst anomalies and the equilibrium model to detect the correlated flow anomalies. Experiment analysis demonstrate that, compared to other detection methods, our method could successfully detect several kinds of anomalies with preferable detection performance.
出处
《系统科学与数学》
CSCD
北大核心
2015年第10期1127-1134,共8页
Journal of Systems Science and Mathematical Sciences
基金
国家自然科学基金(61174124
61233003)
高等学校博士点基金(20123402110029)
安徽省高校自然科学研究项目(KJ2012A286)资助课题
关键词
异常检测
EWMA
均衡模型
相关流.
Anomaly detection, EWMA, equilibrium model, correlated flow.
