
A Probabilistic Principal Component Analysis Approach for Detecting Traffic Anomaly in Industrial Networks

Cited by: 22
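Abstract (translated from the Chinese): To address the high false alarm rate of principal component analysis (PCA) when it is used for traffic anomaly detection in industrial measurement and control networks, a detection algorithm based on probabilistic principal component analysis (PPCA) is proposed. First, by analyzing the causes of false alarms, a PPCA model of the traffic matrix of the industrial measurement and control network is established. The parameters of this model are then identified with an iterative variational Bayesian algorithm. The estimated parameters are next used to derive the distribution function of the rank of the traffic matrix and to obtain the maximum likelihood estimate of the rank. Finally, anomalous traffic is detected using jumps in the rank as the criterion. Simulated attack experiments show that the method reduces the missed-detection rate by 32% on average, thereby effectively reducing the false alarm rate of the PCA method.

Abstract (English, as published): An algorithm using probabilistic principal component analysis (PPCA) is proposed to reduce the false alarm rate of anomaly detection of industrial networks using traditional principal component analysis (PCA). A PPCA model of industrial network traffic matrix is established by analyzing the causes of false alarm. Parameters in the model are identified by using the iterative variational Bayesian algorithm, and then are used to infer the rank of the PPCA model. Traffic anomaly is finally detected by making judgement on the rank. Simulated attack experiments show that the proposed method decreases false alarm rate by 32% on average, and effectively reduces the false alarm rate of PCA method.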
Source: Journal of Xi'an Jiaotong University (indexed in EI, CAS, CSCD, Peking University Core), 2012, No. 2, pp. 70-75 (6 pages)
Funding: Science Fund for Creative Research Groups of the National Natural Science Foundation of China (50421703)
Keywords: industrial networks; traffic anomaly detection; principal component analysis; false alarm rate; variational Bayesian method