
A Real-Time Anomaly Detection Model Based on Sampling Measurement in a High-Speed Network
Cite this article: CHENG Guang, GONG Jian, DING Wei. A Real-Time Anomaly Detection Model Based on Sampling Measurement in a High-Speed Network [J]. Journal of Software, 2003, 14(3): 594-599.
Authors: CHENG Guang, GONG Jian, DING Wei
Affiliation: Department of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu 210096
Funding: Supported by the National Natural Science Foundation of China under Grant No.90104031; the National High-Tech Research and Development Plan of China under Grant No.2001AA112060
Abstract: Real-time anomaly detection is currently an active topic in network security research. Based on the statistical characteristics of traffic in a large-scale network, this paper looks for stable metrics that can evaluate network behavior and builds a sampling measurement model. Based on the central limit theorem and hypothesis testing, it then builds a real-time detection model for anomalous network traffic behavior. Finally, it defines a network behavior metric, the ratio between ICMP request packets and reply packets, and implements real-time detection of ICMP scan attacks on the CERNET network. The method and approach offer some guidance for other network security detection research.

Keywords: sampling measurement; metric; anomaly detection; sliding window; high-speed network
Article ID: 1000-9825/2003/14(03)0594
Received: 2002/2/25
Revised: February 25, 2002
This article is indexed in CNKI, VIP, Wanfang Data and other databases.