
Adaptive Threshold Network Traffic Anomaly Detection Based on KL Distance (cited by: 20)
Abstract: To address the low detection accuracy of existing network traffic anomaly detection methods and their poor adaptability to dynamic changes in the network environment, an adaptive-threshold network traffic anomaly detection method is proposed, based on the strong correlation of network traffic between adjacent time periods. A sliding window controls the number of KL distance values, an Exponentially Weighted Moving Average (EWMA) model is built to obtain the predicted KL distance value at the next moment, and the KL distance subsequence delimited by the sliding window, together with the predicted value, determines the adaptive threshold range. Network traffic anomalies are detected by checking whether the observed value falls within the adaptive threshold range. Experimental results show that the method can effectively detect network traffic anomalies and has high detection accuracy.
Authors: JIANG Hua; ZHANG Hongfu; LUO Yidi; WANG Xin (College of Computer and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China)
Source: Computer Engineering (《计算机工程》); indexed in CAS, CSCD, Peking University Core Journals; 2019, Issue 4, pp. 108-113, 118 (7 pages in total)
Funding: Guangxi Universities Young and Middle-aged Teachers' Basic Ability Improvement Project (KY2016YB150); Guilin University of Electronic Technology Graduate Education Innovation Program (2017Y JCX48); Guangxi Key Laboratory of Trusted Software Fund (kx201724)
Keywords: network traffic; anomaly detection; adaptive threshold; KL distance; Exponentially Weighted Moving Average (EWMA) model; sliding window