
A Real-Time Anomaly Detection Model Based on Sampling Measurement in a High-Speed Network (cited by: 37)
Abstract: Real-time anomaly detection is currently a research focus in network security. Based on the statistical characteristics of traffic in a large-scale network, this paper identifies stable metrics that can evaluate network behavior and builds a sampling measurement model. Using central limit theory and hypothesis testing, it builds a real-time detection model for anomalous behavior in network traffic. Finally, a network behavior metric is defined as the ratio between ICMP request packets and ICMP reply packets, and real-time detection of ICMP scan attacks on the CERNET network is implemented. The method and approach offer some guidance for other network security detection research.

Source: Journal of Software (《软件学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2003, No. 3, pp. 594-599 (6 pages).

Funding: Supported by the National Natural Science Foundation of China under Grant No.90104031 and the National High-Tech Research and Development Plan of China under Grant No.2001AA112060.

Keywords: sampling measurement; high-speed network; real-time anomaly detection model; network security; computer network; metric; anomaly detection; smoothing window
Co-cited references: 172. Citing documents: 37. Second-level citing documents: 212.

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部