
Title (Chinese, translated): Network Anomaly Traffic Detection Method Using Residual Analysis. Cited by: 31

Title (English): Network Anomaly Detection Method Based on Residual Analysis
Abstract (Chinese, translated): To address the "big data, small anomaly" problem in network anomaly traffic detection, a new network anomaly traffic detection method based on residual analysis is proposed. Feature attributes of network traffic are extracted from multiple perspectives to accurately characterize the differences between normal and abnormal behavior. The extracted feature attributes are used to build an attribute matrix, and the similarity between flows is used to build an adjacency matrix. A network anomaly detection model is built from the attribute matrix and the adjacency matrix; CUR matrix decomposition is used to reconstruct the attribute matrix and obtain the primary pattern, and the residual between the attribute matrix and the reconstructed attribute matrix is computed to obtain a residual matrix. The residual of each flow in the residual matrix is computed, and anomaly decisions are made from each flow's residual and a preset threshold. Traffic data from the Xi'an Jiaotong University campus network were collected for experiments; the results show that the proposed method achieves an anomaly detection rate above 90% without any prior knowledge, and that compared with other anomaly detection methods it not only has a higher detection rate but can also localize the anomaly source.

Abstract (authors' English version): Focusing on the challenges caused by the increasing traffic volumes and the cunning abnormal attacks, a new algorithm for network anomaly detection by residual analysis is developed. The network behavior attributes from different aspects are described to characterize the differences between the normal and abnormal behavior. The attributes are extracted to construct an attribute matrix, and the similarity of the flows is considered to construct an adjacency matrix; the model of network anomaly detection is then established by the two matrices. CUR matrix decomposition is realized to reconstruct the attribute matrix to obtain the primary pattern. The residual matrix is obtained by analyzing the difference between the attribute matrix and the reconstructed attribute matrix. The anomalies can be distinguished according to the residual value of each flow. Experimental results based on the traces collected from the campus network of Xi'an Jiaotong University show that the proposed algorithm holds a detection accuracy higher than 90% without any prior knowledge. Compared with the other anomaly detection algorithms, the proposed one can determine the goal of anomaly location with higher detection accuracy.
Authors: 孟永伟 秦涛 赵亮 马文强 王换招 MENG Yongwei; QIN Tao; ZHAO Liang; MA Wenqiang; WANG Huanzhao (MOE Key Laboratory for Intelligent and Network Security, Xi'an Jiaotong University, Xi'an 710049, China; Shenzhen Institute of Science and Technology, Xi'an Jiaotong University, Shenzhen, Guangdong 518057, China; Xi'an Institute of Space Radio Technology, Xi'an 710100, China)
Source: 《西安交通大学学报》 Journal of Xi'an Jiaotong University (indexed in EI, CAS, CSCD; Peking University core journal), 2020, No. 1, pp. 42-48 and 84 (8 pages)
Funding: National Natural Science Foundation of China (61772411); Shenzhen Basic Research Program (JCYJ20170816100819428); Natural Science Foundation of Shaanxi Province (2018JM6109)
Keywords: anomaly detection; network traffic; matrix decomposition; residual analysis
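As an added worked example (not code from the paper or its authors), the following pure-Python script carries the pipeline described in the abstract through on a constructed flow-by-attribute matrix: build the attribute matrix, reconstruct its primary pattern with a CUR decomposition A ≈ C·U·R (columns and rows are chosen deterministically by largest norm here, a stand-in for CUR's norm-based sampling; U = C⁺·A·R⁺), compute the residual A - Â, score each flow by the Euclidean norm of its residual row, and flag flows whose score exceeds a preset threshold. The adjacency matrix of flow similarity that the paper also feeds into its model is omitted. The sample flows, attribute names, the number of selected columns/rows and the threshold value are all assumptions made for the example.

```python
# Added example (not the paper's code): residual-based anomaly scoring of a
# flow-by-attribute matrix via a simple CUR reconstruction, in pure Python.
import math
from typing import List

Matrix = List[List[float]]


def transpose(a: Matrix) -> Matrix:
    return [list(col) for col in zip(*a)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    bt = transpose(b)
    return [[sum(x * y for x, y in zip(row, col)) for col in bt] for row in a]


def invert(a: Matrix) -> Matrix:
    """Gauss-Jordan inverse of a small square matrix (must be non-singular)."""
    n = len(a)
    aug = [list(row) + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("selected rows/columns are linearly dependent")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def pinv_columns(c: Matrix) -> Matrix:
    """Pseudo-inverse (CᵀC)⁻¹Cᵀ of a tall matrix with independent columns."""
    ct = transpose(c)
    return matmul(invert(matmul(ct, c)), ct)


def pinv_rows(r: Matrix) -> Matrix:
    """Pseudo-inverse Rᵀ(RRᵀ)⁻¹ of a wide matrix with independent rows."""
    rt = transpose(r)
    return matmul(rt, invert(matmul(r, rt)))


def top_indices(vectors: Matrix, k: int) -> List[int]:
    """Indices of the k vectors with largest Euclidean norm (deterministic
    stand-in for the norm-based column/row sampling used by CUR)."""
    norms = [math.sqrt(sum(v * v for v in vec)) for vec in vectors]
    return sorted(sorted(range(len(vectors)), key=lambda i: -norms[i])[:k])


def cur_reconstruct(a: Matrix, c: int, r: int) -> Matrix:
    """Reconstruct A ≈ C·U·R with U = C⁺·A·R⁺; this is the 'primary pattern'."""
    col_idx = top_indices(transpose(a), c)
    row_idx = top_indices(a, r)
    C = [[row[j] for j in col_idx] for row in a]      # selected attribute columns
    R = [list(a[i]) for i in row_idx]                 # selected flow rows
    U = matmul(matmul(pinv_columns(C), a), pinv_rows(R))
    return matmul(matmul(C, U), R)


def flow_residuals(a: Matrix, c: int = 1, r: int = 1) -> List[float]:
    """Per-flow residual: Euclidean norm of row i of the residual matrix A - Â."""
    a_hat = cur_reconstruct(a, c, r)
    return [math.sqrt(sum((x - y) ** 2 for x, y in zip(row, hat)))
            for row, hat in zip(a, a_hat)]


def detect_anomalies(a: Matrix, threshold: float, c: int = 1, r: int = 1) -> List[int]:
    """Indices of flows whose residual exceeds the preset threshold."""
    return [i for i, res in enumerate(flow_residuals(a, c, r)) if res > threshold]


# Constructed sample (assumption): 8 flows x 4 scaled attributes, e.g.
# packets, bytes, duration, distinct ports. Flows 0-6 follow one pattern
# scaled by volume; flow 7 breaks it (many packets, little of anything else).
SAMPLE_FLOWS: Matrix = [[s * 1.0, s * 2.0, s * 3.0, s * 4.0] for s in range(1, 8)] \
    + [[10.0, 1.0, 1.0, 1.0]]

if __name__ == "__main__":
    for i, res in enumerate(flow_residuals(SAMPLE_FLOWS)):
        print(f"flow {i}: residual = {res:.3f}")
    print("anomalous flows:", detect_anomalies(SAMPLE_FLOWS, threshold=1.0))
```

With one column and one row selected, the seven pattern-following flows reconstruct to within about 0.03 of their original rows while flow 7 leaves a residual near 9.8, so a preset threshold of 1.0 separates them cleanly; on real traffic the threshold and the number of selected columns/rows have to be tuned, and selected columns must be linearly independent or the small inverse inside the pseudo-inverse fails.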