
Large-scale Network Anomaly Detecting Method Based on Multi-feature Similarity

Cited by: 5
Abstract: This paper proposes a similarity-based anomaly detection model for large-scale networks. The model takes multiple traffic-flow features of a large-scale network, builds feature sets from high-frequency statistics, and computes the similarity between the real-time feature set and the standard feature set. When an attack or virus outbreak occurs in a large-scale network, the self-similarity of network traffic is disrupted, so comparing against the normal state allows anomalies caused by attacks to be detected promptly and accurately. Experimental results show that this detection model, which combines multiple network features, has a markedly lower false-positive rate than single-feature detection and is well suited to large-scale networks.
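Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list; 2007, No. 24, pp. 181-183 (3 pages)
Funding: National Information Security Management Center 242 Project "Macroscopic Network Early Warning and Emergency Response System" (2005A09)
Keywords: large-scale network; multi-feature similarity; feature set; anomaly detection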