Abstract
Because some network anomalies have little visible effect on traffic volume, volume-based traffic analysis has difficulty detecting them. Traditional anomaly detection based on Principal Component Analysis (PCA) seeks a globally optimal solution and extracts local features insufficiently, so it is insensitive to continuous anomalies, which lowers detection accuracy; its components also lack a clear physical meaning. To address these problems, this paper builds on multidimensional information entropy and proposes an anomalous-traffic detection method based on Projected Gradient Non-negative Matrix Factorization (ME-PGNMF). Traffic data are first processed into a multidimensional feature-entropy matrix; PGNMF then reconstructs this matrix and separates it into a normal subspace and an anomalous subspace; finally, anomalies are detected with the Q chart from multivariate statistical process control. Experimental results show that, compared with the PCA method based on volume analysis and with conventional Non-negative Matrix Factorization (NMF), the proposed method detects continuous anomalies faster and more accurately, markedly improves the detection of low-rate Distributed Denial of Service (DDoS) attacks whose effect on traffic volume is small, and is more sensitive to worm attacks.
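The pipeline the abstract describes (per-window feature entropies, a non-negative factorization that defines the normal subspace, and a Q statistic on the residual) is illustrated below with example code written for this page; it is not the authors' implementation. The traffic windows are constructed, and several choices are assumptions rather than details taken from the paper: each entropy is normalized by log2 of the window's flow count, the factorization uses a fixed 1/Lipschitz step instead of a line search, the rank is 2, and the control limit is mean + 3σ of the baseline Q values rather than the paper's Q-chart limit.

```python
"""Added example (not the paper's code): entropy matrix -> projected-gradient NMF
-> Q-statistic control chart, in pure Python on constructed flow windows."""
import math
import random
from collections import Counter

FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port")  # entropy-matrix columns

def normalized_entropy(values):
    """Shannon entropy divided by log2(flow count): 0 if one value dominates,
    1 if every flow carries a distinct value (this normalisation is an assumption)."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def window_entropies(flows):
    """One matrix row: per-feature entropy over one window of flow tuples."""
    return [normalized_entropy([f[i] for f in flows]) for i in range(len(FEATURES))]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def transpose(a):
    return [list(col) for col in zip(*a)]

def frob(a):
    return math.sqrt(sum(v * v for row in a for v in row))

def residual(x, w, h):  # WH - X, elementwise
    return [[p - q for p, q in zip(r1, r2)] for r1, r2 in zip(matmul(w, h), x)]

def pgnmf(x, rank, iters=2000, seed=0):
    """Projected-gradient NMF: minimise ||X - WH||_F^2 with W, H >= 0 by alternating
    gradient steps of size 1/||HH^T||_F resp. 1/||W^TW||_F (a Lipschitz bound, so each
    step descends) followed by projection onto v >= 0. Fixed-step variant; assumption."""
    rng = random.Random(seed)
    w = [[rng.random() for _ in range(rank)] for _ in x]
    h = [[rng.random() for _ in range(len(x[0]))] for _ in range(rank)]
    for _ in range(iters):
        ht = transpose(h)
        grad_w = matmul(residual(x, w, h), ht)
        step = 1.0 / (frob(matmul(h, ht)) or 1.0)
        w = [[max(0.0, v - step * g) for v, g in zip(rw, rg)] for rw, rg in zip(w, grad_w)]
        wt = transpose(w)
        grad_h = matmul(wt, residual(x, w, h))
        step = 1.0 / (frob(matmul(wt, w)) or 1.0)
        h = [[max(0.0, v - step * g) for v, g in zip(rh, rg)] for rh, rg in zip(h, grad_h)]
    return w, h

def q_statistic(x, h, iters=1000):
    """Q (squared prediction error) of one entropy vector: fit non-negative
    coefficients w against the rows of H by projected gradient, Q = ||x - wH||^2."""
    step = 1.0 / (frob(matmul(h, transpose(h))) or 1.0)

    def resid(w):
        return [sum(w[k] * h[k][j] for k in range(len(h))) - x[j] for j in range(len(x))]

    w = [0.0] * len(h)
    for _ in range(iters):
        r = resid(w)
        grad = [sum(r[j] * h[k][j] for j in range(len(x))) for k in range(len(h))]
        w = [max(0.0, v - step * g) for v, g in zip(w, grad)]
    return sum(v * v for v in resid(w))

def monitor(windows, n_baseline, rank=2):
    """Fit the normal subspace on the first n_baseline windows, score all windows with Q,
    flag Q > mean + 3*sigma of the baseline Qs (Shewhart-style limit; an assumption)."""
    x = [window_entropies(win) for win in windows]
    _, h = pgnmf(x[:n_baseline], rank)
    q = [q_statistic(row, h) for row in x]
    base = q[:n_baseline]
    mean = sum(base) / n_baseline
    ucl = mean + 3 * math.sqrt(sum((v - mean) ** 2 for v in base) / n_baseline)
    return {"entropy": x, "q": q, "ucl": ucl, "flagged": [t for t, v in enumerate(q) if v > ucl]}

# Constructed sample traffic (not captured data): one list of flow tuples per window.
def normal_window(n_clients):  # distinct clients, two servers, 2/3 on port 80, 1/3 on 443
    return [(f"10.0.{i // 256}.{i % 256}", "192.0.2.10" if i % 2 else "192.0.2.20",
             40000 + i, 443 if i % 3 == 0 else 80) for i in range(n_clients)]

def ddos_window(n_sources=200):  # many spoofed sources, one victim, one port
    return [(f"203.0.113.{i}", "192.0.2.10", 50000 + i, 80) for i in range(n_sources)]

def worm_window(n_targets=200):  # one infected host probing many hosts on one port
    return [("10.0.0.7", f"192.0.2.{i}", 51000 + i, 445) for i in range(n_targets)]

def run_demo():
    baseline = [normal_window(n) for n in (60, 72, 84, 96, 108, 120, 132, 144)]
    stream = baseline + [ddos_window(), normal_window(72), worm_window(), normal_window(120)]
    return monitor(stream, n_baseline=len(baseline))

if __name__ == "__main__":
    out = run_demo()
    for t, (row, q) in enumerate(zip(out["entropy"], out["q"])):
        hs = " ".join(f"{v:.2f}" for v in row)
        print(f"window {t:2d}  H=[{hs}]  Q={q:.4f}  {'ANOMALY' if t in out['flagged'] else ''}")
    print(f"UCL={out['ucl']:.4g}; flagged windows: {out['flagged']}")
```

Running the script prints the entropy row and Q value of each window. The DDoS-like window carries about the same number of flows as the baseline windows, so a volume-based detector sees nothing, but its destination-address and destination-port entropies collapse to zero; the worm-like window collapses source-address and destination-port entropy instead. Neither pattern lies in the subspace fitted to the baseline, so both Q values sit far above the control limit, while windows with the baseline mix stay below it. This is the point the abstract makes about attacks that are insensitive to traffic volume but visible in the entropy structure.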
Source
Computer Engineering (计算机工程), 2018, No. 1, pp. 165-170 (6 pages)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
Keywords
network traffic; multidimensional entropy; anomaly detection; Non-negative Matrix Factorization (NMF); subspace