
Abnormal Behavior Detection and Control in High Speed Networks Based on Bidirectional Flow (cited by: 1)
Abstract: To address the detection and localization of abnormal network traffic, a method is proposed that identifies and locates abnormal network flows from abnormal changes in flow statistics and from incomplete flows. The method is built on the bidirectional (interactive) flow model and analyzes the interaction features of the different kinds of network flows under that model. To obtain the source of an anomaly accurately and in real time, the hash functions in the connection degree sketch are designed using the Chinese remainder theorem, so that user information can be recovered by inverting the sketch and the feature parameters of abnormal flows can be obtained in real time in high-speed networks. To slow the spread of abnormal behaviors, a dynamic soft isolation method is proposed to control them. Experimental results in a real network show that the proposed method detects many types of abnormal behavior well and improves both detection accuracy and speed. It also locates the source of the abnormal flow accurately, which lays a foundation for effectively controlling the spread of abnormal behaviors.

Source: Journal of Xi'an Jiaotong University (indexed in EI, CAS, CSCD, PKU Core), 2012, No. 6, pp. 58-65 (8 pages)

Funding: National Natural Science Foundation of China (61103240, 91018011, 60921003); Fundamental Research Funds for the Central Universities (XJJ2011015)

Keywords: bidirectional flow; incomplete interactive behavior; degree sketch; abnormal behavior detection and control