Abstract
Data theft detection is an important research topic in network security. This paper proposes a time series decomposition algorithm for network traffic scenarios that decomposes a time series into three parts: seasonal data, trend data and residual data. The algorithm uses the median within a sliding window to fit the trend data more closely, filters out discrete single points, and takes the time interval containing the continuous outliers as its final output form. The paper also proposes that the information entropy of payload length helps to uncover highly covert data theft behavior. In the experiments, the algorithm is compared with the Piecewise Median and STL algorithms, and it is also applied to time series that have been processed with the information entropy tool. The experiments show that the algorithm improves performance considerably over the Piecewise Median and STL algorithms, and that it detects data theft well.
Source
《信息网络安全》
CSCD
2017, Issue 8, pp. 76-82 (7 pages)
Netinfo Security
Funding
National Science and Technology Support Program [2015BAK21B01]
Keywords
large-scale server
data theft
time series decomposition
sliding window