
PCA-Based Network Traffic Anomaly Detection (cited by: 4)

Abstract: The use of a Traffic Matrix (TM) to describe the characteristics of a global network has attracted significant interest in network performance research. Due to the high dimensionality and sparsity of network traffic, Principal Component Analysis (PCA) has been successfully applied to TM analysis. PCA is one of the most common methods used in analysis of high-dimensional objects. This paper shows how to apply PCA to TM analysis and anomaly detection. The experiment results demonstrate that the PCA-based method can detect anomalies for both single and multiple nodes with high accuracy and efficiency.
Source: Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2016, Issue 5, pp. 500-509 (10 pages). Journal of Tsinghua University (Natural Science Edition) (English Edition)
Funding: Supported by the National Natural Science Foundation of China (No. 61100218)
Keywords: traffic matrix; network performance; principal component analysis; anomaly detection