开放式网络环境下终端流量异常远程诊断仿真

Terminal Flow Anomaly Remote Diagnosis Simulation in Open Network Environment

针对开放式网络环境中DDOS攻击及Alpha攻击可能导致网络终端流量异常的问题,传统的诊断方法将终端流量转换成相应流量关键点构建直方图,依赖于直方图统计值在终端异常情况下的流量特征与正常模式对比判定是否出现突变,在小比例异常情况下诊断精度较低。提出一种基于尖点突变模型的开放式网络环境下终端流量异常远程诊断方法。通过分析网络终端数据的交互特征构建数据通信行为矩阵,根据该矩阵设定相应的终端流量特征来测量流量的动态变化,从不同角度表征终端数据的通信行为,对终端流量所反映的异常通信行为进行准确定位,获取异常流量特征,构建终端正常流量的尖点突变模型,采用模型的平衡曲面来表征终端流量的行为,构造终端正常流量行为的平衡曲面,并以终端流量行为相对于正常流量平衡曲面的偏离程度作为异常流量诊断的依据。实验结果表明,所提方法对终端异常流量数据的变化较为敏感,在小比例异常情况下具有较高的诊断精度。

Because DDOS attack and Alpha attack in open network environment may cause the abnormal traffic on network terminal, and the traditional method has low diagnostic accuracy in the case of small - scale anomaly, this article presents a remote diagnosis method of terminal traffic anomaly based on cusp catastrophe model in open net- work environment. By analyzing the interaction feature of network terminal data, the behavior matrix of data communication was constructed. Based on this matrix, the corresponding terminal traffic features were set to measure the dy- namic change of traffic. Then, communication behavior of terminal data was characterized in different ways. Moreover, the abnormal communication behavior reflected by terminal traffic was accurately located to obtain the abnormal traffic feature and build the cusp catastrophe model of normal traffic of terminal. In addition, the balanced surface of model was used to characterize the behavior of terminal traffic and build the equilibrium profile of terminal normal traffic behavior. Finally, the deviation degree between terminal traffic behavior and equilibrium profile of normal traffic was taken as a basis for abnormal traffic diagnosis. Simulation results prove that the proposed method is sensitive to the change of terminal abnormal data. Meanwhile, it has high diagnostic accuracy in the case of small - scale anomaly.