摘要
提出了一种基于活跃熵的网络异常流量检测新方法,将受监控的目标网络视为一个整体系统,对进出系统的网络数据流所形成的NetFlow记录进行分析,分别统计二者的活跃度并计算它们的活跃熵。在进行活跃熵的计算时,根据流量大小选择不同的尺度来降低误报率,从而能更有效地检测网络流量中存在的异常。在实际网络环境下的模拟实验结果表明,与传统检测方案相比,基于活跃熵的网络异常流量检测方法能够更有效地检测出具有随机特征的网络异常流量。
A novel alive entropy-based detection approach was proposed, which detects the abnormal network traffic based on the values of alive entropies. The alive entropies calculated based on the NetFlow data coming from the network traffic of input and output of a whole system, which is essentially a monitored network. In order to decrease false positive rate of abnormal network traffic, different scales are selected to compute the values of alive entropies in different sizes of network traffic. With the low false positive rate of abnormal network traffic, the abnormal network traffic can be effectively detected. Experiments carried out on a real campus network were used to evaluate the effectiveness of the proposed approach. A comparative study illustrates that the proposed approach may easily detect the abnormal network traffic with random characteristics in comparison with some 'conventional' approaches reported in the literatures.
出处
《通信学报》
EI
CSCD
北大核心
2013年第S2期51-57,共7页
Journal on Communications
基金
国家自然科学基金资助项目(61272450)
滨海新区科技小巨人成长计划基金资助项目(2011-XJR12005)~~
