摘要
为了准确检测网络中的流量异常情况,确保网络正常运行,提出基于特征符号表示的网络异常流量检测算法(NAAD-FD). NAAD-FD算法利用趋势转折点将网络流量数据按照基于趋势特征的符号表示方法进行转化,按照表示结果将原始数据转化为包含7项特征值的子序列,将7项特征值运用到提出的距离计算方法中;结合基于密度的算法,按照时间序列的网络异常流量定义执行异常检测.通过对算法参数、仿真数据和真实网络流量数据的实验与分析可知,该算法具有较强的鲁棒性,验证了该算法的有效性和稳定性.该算法通过降维简化表示,显著降低了算法的时间复杂度,有效加速异常检测过程约40%.
A network traffic anomaly detection algorithm based on feature-based symbolic representation(NAADFD) was proposed in order to accurately detect network traffic anomaly and guarantee network quality. The network traffic data were transformed into feature-based symbolic representation by segmenting data series according to network traffic turning points. Then the seven characteristic values of each subsequence were extracted, which can be used in the proposed distance measure. The network traffic anomaly sequences were detected with density-based algorithm according to the network traffic anomaly definition based on time series. The experimental results for algorithm parameters, simulation data and real network traffic data anomaly detection demonstrate that the proposed algorithm has strong robustness. The validity and stability of the algorithm were verified. The time complexity of the algorithm is significantly reduced by the proposed feature-based symbolic representation, which can accelerate the process of network traffic anomaly detection by around 40%.
作者
展鹏
陈琳
曹鲁慧
李学庆
ZHAN Peng;CHEN Lin;CAO Lu-hui;LI Xue-qing(School of Software,Shandong University,Jinan 250100,China;Informatization Office,Shandong University,Jinan 250100,China)
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2020年第7期1281-1288,共8页
Journal of Zhejiang University:Engineering Science
基金
赛尔网络下一代互联网技术创新项目(NGII20190109)
山东省社会科学规划资助项目(18CGLJ49)。
关键词
网络流量异常
时间序列
趋势特征
符号近似
转折点
network traffic anomaly
time series
trend feature
symbolic approximation
turning point
