Abstract
The graph model method has unique advantages in network flow behavior analysis because it can intuitively and completely describe the connection patterns of network flows. However, current methods suffer from problems such as a single graph construction mode, incomplete information, and insufficient analysis means. Therefore, by referring to the concept of the knowledge graph, this paper proposes a network flow behavior analysis model based on a flow knowledge graph, namely the network flow connection graph. We first build the basic model of the network flow connection relationship by collecting network flow information. Then we set the graph node levels and edge weights based on network flow attribute information. Using filtering rules for nodes and edges, we extract the core connection mode of network application behavior and reduce the network scale. Finally, we apply complex network feature analysis methods to extract the network flow behavior feature parameters. Experimental results show that the network flow connection graph can fully utilize the available information in network flow behavior measurement data, accurately characterize the inherent characteristics of network application flow connection relationships, and effectively detect and identify abnormal network behaviors such as DDoS attacks, worm propagation and port scanning. In addition, the network flow connection graph shows good scalability, making it suitable for the application of multiple graph mining algorithms.
Authors
胡航宇
翟学萌
胡光岷
HU Hangyu; ZHAI Xuemeng; HU Guangmin (Key Laboratory of Optical Fiber Sensing and Communications, Ministry of Education, University of Electric Science and Technology of China, Chengdu 611731, China)
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core (北大核心)
2019, Issue 11, pp. 234-242 (9 pages)
Funding
National Natural Science Foundation of China (61471101, 61571094)
Keywords
network flow behavior analysis
network flow
knowledge graph
feature parameter extraction
anomaly detection