
Anomaly Detection and Location Method of Network Traffic Based on Wavelet Analysis

Cited by: 5
Abstract: Based on the self-similarity of network traffic at large time scales, and on the relationship at small time scales among anomalous traffic, Lipschitz regularity and wavelet transform modulus maxima, a network traffic anomaly detection method based on wavelet analysis is proposed. A model that uses this method to detect network traffic anomalies was designed, and several key problems in implementing the method were resolved: the choice of wavelet, judging the decay of the modulus maxima curve, and calculating the Hurst and Lipschitz exponents. The experimental results show that the proposed method can detect network traffic anomaly events well and locate the time at which an anomaly occurs.

Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), indexed in CSCD and the Peking University Core Journals list, 2010, No. 1, pp. 55-61 (7 pages)

Funding: Supported by the National "863" High Technology Research and Development Program of China (2007AA10Z309)

Keywords: network traffic anomaly; wavelet analysis; Hurst exponent; modulus maxima; Lipschitz exponent