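Abstract
In recent years, as networks have continued to grow in scale, network applications have diversified, and encrypted data transmission technology has gradually matured, analyzing end-host behavior has become increasingly complex. This paper proposes a host behavior analysis method based on a graph model. It uses community detection to find end hosts with similar behavior, and introduces Spark GraphX to make the method scalable and practical. Experimental results show that the method can effectively analyze groups of hosts with similar behavior, reducing the complexity of anomaly detection in large-scale networks.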
In recent years, with the continuous growth of network scale, the diversification of network applications, and the gradual maturing of encrypted data transmission technology, the analysis of terminal host behavior has become more and more complicated. This paper presents a graph-based approach that uses community detection to discover end hosts with similar behavior. The approach is made scalable and practical by introducing Spark GraphX technology. The experimental results show that this method has strong validity and reference value in data analysis based on NetFlow, and can serve as a reference for large-scale network analysis.
Authors
王劲松
南慧荣
张洪豪
WANG Jinsong; NAN Huirong; ZHANG Honghao (School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China; National Engineering Laboratory for Computer Virus Prevention and Control Technology, Tianjin 300457, China; Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin 300384, China)
Source
《信息网络安全》
CSCD
Peking University Core Journals (北大核心)
2018, Issue 12, pp. 1-7 (7 pages)
Netinfo Security
Funding
National Natural Science Foundation of China [61272450]