
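Community traffic anomaly detection based on wavelet decomposition
Cite this article: Wang Juan, Jin Jing, Qian Weizhong, Qin Zhiguang. Community traffic anomaly detection based on wavelet decomposition [J]. Journal of Electronic Measurement and Instrument, 2010, 24(4): 365-370.
Authors: Wang Juan, Jin Jing, Qian Weizhong, Qin Zhiguang
Affiliation: School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731
Funding: National Natural Science Foundation of China; National Information Security Plan project
Abstract: To address the problems of massive data processing and low anomaly detection rates in large-scale high-speed networks, the concept of a community is introduced into the field of traffic anomaly detection. Using a detection method that combines three-level wavelet decomposition with deviation scores, experiments show that community-based detection gives more accurate and more efficient results than network-based detection. With the community as the scope of observation, an attack on one community is not masked by the unrelated network activity of other communities, and the data can be split into separate streams. The paper also studies the feature set used for community detection: starting from a summary of existing features based on Netflow records, a correlation-based method is used to remove strongly correlated features and select a feature set suited to community detection, which avoids the information redundancy caused by the arbitrary choice of features in current Netflow-based anomaly detection.

Keywords: community; anomaly detection; wavelet decomposition; feature selection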

Community traffic anomaly detection using wavelet analysis
Wang Juan, Jin Jing, Qian Weizhong, Qin Zhiguang. Community traffic anomaly detection using wavelet analysis [J]. Journal of Electronic Measurement and Instrument, 2010, 24(4): 365-370.
Authors: Wang Juan, Jin Jing, Qian Weizhong, Qin Zhiguang
Affiliation: School of Computer Science and Engineering, University of Electronic Science and Technology, Chengdu 611731, China
Abstract: Large-scale, high-speed networks generate massive amounts of data and suffer from low detection rates. To address these issues, the idea of "community" is borrowed into the network anomaly detection area, and a detection method combining three-layer wavelet decomposition with a deviation score is applied. The experimental results demonstrate that community-based detection can achieve a higher detection rate and better efficiency than network-based detection. This is because, when the community is used as the monitoring scope, attacks on a community are no longer covered by the activities of other, unrelated communities, and the network data can be separated. The features used for community detection are also studied in the paper. Based on a summary of the features of Netflow records, a correlation-based method is used to remove strongly correlated features and select proper features for community detection. The information redundancy existing in current Netflow-based anomaly detection can therefore be eliminated.
Keywords: community; anomaly detection; wavelet analysis; feature selection
This article is indexed in CNKI, VIP, Wanfang Data and other databases.