摘要
针对如何提高网络流量异常行为检测准确率的问题,提出基于网络流时间影响域(TID)的网络流量检测模型.通过分析正常和异常情况下流量网络模型平均度的变化,构建了基于复杂网络平均度指标的网络流量异常检测算法.实验结果表明,基于网络流时间影响域的流量网络模型能合理地描述网络流量间的依赖关系,具有良好的检测性能,同时该网络模型仅需时间戳、源IP、目的 IP三维网络特征即可实现,检测方法适用于绝大多数网络类型,检测效率优于其他网络流量异常检测方法,具有较高的普适性.
Aiming at improving the accuracy rate of anomaly network traffic detection, a network traffic detection model was proposed based on the time influence domain(TID)of network flow.By analyzing the changes of average degree of traffic network model under the normal and abnormal conditions, an anomaly detection algorithm of network traffic based on the average degree metric of complex network was developed to detect the abnormal traffic.Experimental results show that based on the flow time influence domain, the anomaly detection model of traffic network can reasonably describe the inter-dependency relationship between network traffic.The proposed method has a better detection performance, meanwhile only three network features, i.e.timestamp, source IP and destination IP, are needed to implement the above model.Detection efficiency is better than other methods.The method proposed meets most network types and has a better ubiquity.
作者
徐久强
周洋洋
王进法
赵海
XU Jiu-qiang;ZHOU Yang-yang;WANG Jin-fa;ZHAO Hai(School of Computer Science & Engineering, Northeastern University, Shenyang 110169, China)
出处
《东北大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2019年第1期26-31,共6页
Journal of Northeastern University(Natural Science)
基金
中央高校基本科研业务费重大科技创新项目(N161608001)
关键词
网络流量
异常检测
流时间影响域
流量网络模型
网络平均度
network traffic
anomaly detection
flow time influence domain
traffic network model
network average degree
