Abstract
This paper proposes a similarity-based anomaly detection model for large-scale networks. The model draws on multiple traffic-flow features of a large-scale network, builds feature sets from them through high-frequency statistics, and computes the similarity between the real-time feature set and a standard feature set. When an attack or virus outbreak occurs in a large-scale network, the self-similarity of network traffic is disrupted, so comparison against the normal state allows anomalies caused by attacks to be found promptly and accurately. Experimental results show that this detection model, which combines multiple network features, clearly lowers the false alarm rate compared with detection based on a single feature, and that it is well suited to large-scale networks.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journal
2007, Issue 24, pp. 181-183 (3 pages)
Funding
National Information Security Management Center Project 242, "Macro Network Early Warning and Emergency Response System" (2005A09)
Keywords
large-scale network
multi-feature similarity
feature set
anomaly detection