摘要
网络流量异常检测对于保证网络稳定高效运行极为重要.目前基于主成分分析(PCA)的全网络异常检测算法虽然发挥了关键作用,但它还存在着受毒害攻击而失效的问题.为此,深入分析了毒害攻击的机制并对其进行了分类,提出了量化毒害流量的两个测度,并给出了3种新的毒害攻击机制;提出了一种基于健壮PCA的异常检测算法RPCA以抵御毒害攻击.模拟试验结果表明,RPCA算法在受到多种毒害攻击时仍然具有很好的检测性能,明显优于PCA异常检测器,且运行时间能够满足实际网络异常检测的需求.
Network traffic anomaly detection is crucial to guarantee stable and effective network operation.Nowadays,although PCA-based network-wide anomaly detector plays an important role,it cannot detect anomalous network traffic effectively in face of poison attacks.In order to solve poison attack problem aiming at PCA-based anomaly detector,poison attack strategies are investigated and classified,two metrics for quantifying poison traffic are proposed and three novel poison attack strategies are put forward.A robust PCA-based anomaly detection algorithm(for short RPCA) is proposed to resist poison attacks.Simulation experiment results show that RPCA algorithm can still perform very well in face of poison attacks,obviously superior to PCA-based anomaly detector,and its running time can satisfy the need of practical network anomaly detection.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2011年第3期543-548,共6页
Acta Electronica Sinica
基金
国家自然科学基金(No.61070173)
国家863高技术研究发展计划(No.2007AA01Z418)
江苏省自然科学基金(No.BK2009058)
关键词
异常检测
毒害攻击
防御机制
主成分分析
健壮性
anomaly detection
poison attacks
defense strategy
principal component analysis
robustness