Found 18 similar documents; search took 187 ms
1.
2.
3.
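Current intrusion detection systems (IDS) rely mainly on two analysis techniques: misuse detection and anomaly detection [1-2]. The shortcoming of misuse detection is that it cannot detect unknown anomalous behavior or malicious code. Anomaly-based intrusion detection does not need to know the characteristics of intrusion behavior in advance; it assumes that when a user's system is attacked or intruded upon, it will exhibit behavior that differs from usual, and uses this as the basis for detection. It has high detection efficiency, does not depend on a prior knowledge base, and can detect unknown anomalies. This paper proposes a detection method that determines whether network behavior is anomalous through statistical analysis of factors such as IP, port, traffic, period, and time. Through algorithm optimization and experimental verification, the method achieves relatively high detection accuracy for common network behaviors such as DDoS attacks, worm scanning, and Trojan data theft.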
4.
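Specific network testing and analysis are carried out by setting network parameters, building a performance analysis model, adopting new network testing techniques, and using the open-source network testing software Cacti. A small backbone network is built to simulate a carrier's IP bearer network; at the core of the IP network, with concrete network troubleshooting as the analysis example, Cacti is used to monitor network traffic and analyze traffic graphs, along with performance testing and network performance bottleneck analysis, and finally relevant optimization solutions are proposed.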
5.
6.
7.
8.
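To solve the problem of collisions or broadcast storms caused by excessive network traffic during shared data transmission at the process layer of smart substations, the size of network message traffic and the network delay of process-layer switches are analyzed, and a technical scheme of priority-based and VLAN-based hierarchical traffic control is proposed. VLANs are logically partitioned according to the actual conditions of the Baodian Mine smart substation, and notable results were achieved in application.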
9.
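The discovery that the network transport layer can produce self-similarity has prompted further research on long-range-dependent network traffic models. In light of research progress on network traffic, this article describes one reason why the existing network transport layer produces self-similar traffic.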
10.
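Zeng Si (曾斯). China New Technologies and New Products (《中国新技术新产品》), 2023, (16): 21-23
As a highly threatening attack type, botnets are often used to launch large-scale network sabotage. In a botnet, to keep servers covert and available, the IP addresses associated with domain names must change constantly, and traditional detection systems have clearly become ineffective against organized botnet attacks. Therefore, to effectively identify unknown and latent botnets, this paper designs a Snort-based botnet detection system and compares it with traditional detection systems. The results show that the system can monitor network traffic in real time and thus quickly detect attack behavior, with a relatively high detection accuracy and good extensibility and portability.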
11.
Sampling has become an essential component of scalable Internet traffic monitoring and anomaly detection. A new flow-based sampling technique that focuses on the selection of small flows, which are usually the source of malicious traffic, is introduced and analysed. The proposed approach provides a flexible framework for preferential flow sampling that can effectively balance the tradeoff between the volume of the processed information and the anomaly detection accuracy. The performance evaluation of the impact of selective flow-based sampling on the anomaly detection process is achieved through the adoption and application of a sequential non-parametric change-point anomaly detection method on realistic data that have been collected from a real operational university campus network. The corresponding numerical results demonstrate that the proposed approach achieves to improve anomaly detection effectiveness and at the same time reduces the number of selected flows.
12.
In various manufacturing applications such as steel, composites, and textile production, anomaly detection in noisy images is of special importance. Although there are several methods for image denoising and anomaly detection, most of these perform denoising and detection sequentially, which affects detection accuracy and efficiency. Additionally, the low computational speed of some of these methods is a limitation for real-time inspection. In this article, we develop a novel methodology for anomaly detection in noisy images with smooth backgrounds. The proposed method, named smooth-sparse decomposition, exploits regularized high-dimensional regression to decompose an image and separate anomalous regions by solving a large-scale optimization problem. To enable the proposed method for real-time implementation, a fast algorithm for solving the optimization model is proposed. Using simulations and a case study, we evaluate the performance of the proposed method and compare it with existing methods. Numerical results demonstrate the superiority of the proposed method in terms of the detection accuracy as well as computation time. This article has supplementary materials that include all the technical details, proofs, MATLAB codes, and simulated images used in the article.
13.
Mo Chen, Xiaojuan Wang, Mingshu He, Lei Jin, Khalid Javeed, Xiaojun Wang. Computers, Materials & Continua, 2020, 64(2): 941-959
Attacks on websites and network servers are among the most critical threats in
network security. Network behavior identification is one of the most effective ways to
identify malicious network intrusions. Analyzing abnormal network traffic patterns and
traffic classification based on labeled network traffic data are among the most effective
approaches for network behavior identification. Traditional methods for network traffic
classification utilize algorithms such as Naive Bayes, Decision Tree and XGBoost.
However, network traffic classification, which is required for network behavior
identification, generally suffers from the problem of low accuracy even with the recently
proposed deep learning models. To improve network traffic classification accuracy thus
improving network intrusion detection rate, this paper proposes a new network traffic
classification model, called ArcMargin, which incorporates metric learning into a
convolutional neural network (CNN) to make the CNN model more discriminative.
ArcMargin maps network traffic samples from the same category more closely while
samples from different categories are mapped as far apart as possible. The metric learning
regularization feature is called additive angular margin loss, and it is embedded in the
object function of traditional CNN models. The proposed ArcMargin model is validated
with three datasets and is compared with several other related algorithms. According to a
set of classification indicators, the ArcMargin model is proved to have better
performances in both network traffic classification tasks and open-set tasks. Moreover, in
open-set tasks, the ArcMargin model can cluster unknown data classes that do not exist in
the previous training dataset.
14.
Jieren Cheng, Canting Cai, Xiangyan Tang, Victor S. Sheng, Wei Guo, Mengyang Li. Computers, Materials & Continua, 2020, 63(1): 131-150
Traditional distributed denial of service (DDoS) detection methods need a lot of computing resource, and many of them which are based on single element have high missing rate and false alarm rate. In order to solve the problems, this paper proposes a DDoS attack information fusion method based on CNN for multi-element data. Firstly, according to the distribution, concentration and high traffic abruptness of DDoS attacks, this paper defines six features which are respectively obtained from the elements of source IP address, destination IP address, source port, destination port, packet size and the number of IP packets. Then, we propose feature weight calculation algorithm based on principal component analysis to measure the importance of different features in different network environment. The algorithm of weighted multi-element feature fusion proposed in this paper is used to fuse different features, and obtain multi-element fusion feature (MEFF) value. Finally, the DDoS attack information fusion classification model is established by using convolutional neural network and support vector machine respectively based on the MEFF time series. Experimental results show that the information fusion method proposed can effectively fuse multi-element data, reduce the missing rate and total error rate, memory resource consumption, running time, and improve the detection rate.
15.
Intrusion detection involves identifying unauthorized network activity and recognizing whether the data constitute an abnormal network transmission. Recent research has focused on using semi-supervised learning mechanisms to identify abnormal network traffic to deal with labeled and unlabeled data in the industry. However, real-time training and classifying network traffic pose challenges, as they can lead to the degradation of the overall dataset and difficulties preventing attacks. Additionally, existing semi-supervised learning research might need to analyze the experimental results comprehensively. This paper proposes XA-GANomaly, a novel technique for explainable adaptive semi-supervised learning using GANomaly, an image anomalous detection model that dynamically trains small subsets to these issues. First, this research introduces a deep neural network (DNN)-based GANomaly for semi-supervised learning. Second, this paper presents the proposed adaptive algorithm for the DNN-based GANomaly, which is validated with four subsets of the adaptive dataset. Finally, this study demonstrates a monitoring system that incorporates three explainable techniques—Shapley additive explanations, reconstruction error visualization, and t-distributed stochastic neighbor embedding—to respond effectively to attacks on traffic data at each feature engineering stage, semi-supervised learning, and adaptive learning. Compared to other single-class classification techniques, the proposed DNN-based GANomaly achieves higher scores for Network Security Laboratory-Knowledge Discovery in Databases and UNSW-NB15 datasets at 13% and 8% of F1 scores and 4.17% and 11.51% for accuracy, respectively. Furthermore, experiments of the proposed adaptive learning reveal mostly improved results over the initial values. An analysis and monitoring system based on the combination of the three explainable methodologies is also described. 
Thus, the proposed method has the potential advantages to be applied in practical industry, and future research will explore handling unbalanced real-time datasets in various scenarios.
16.
Distributed denial-of-service (DDoS) is a rapidly growing problem with the fast development of the Internet. There are a multitude of DDoS detection approaches; however, three major problems about DDoS attack detection appear in the big data environment. Firstly, to shorten the response time of the DDoS attack detector; secondly, to reduce the required compute resources; lastly, to achieve a high detection rate with low false alarm rate. In the paper, we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems. We define a network flow abnormal index as PDRA with the percentage of old IP addresses, the increment of the new IP addresses, the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address. We design an IP address database using sequential storage model which has a constant time complexity. The autoregressive integrated moving average (ARIMA) trending prediction module will be started if and only if the number of continuous PDRA sequence value, which all exceed a PDRA abnormal threshold (PAT), reaches a certain preset threshold. And then calculate the probability that is the percentage of forecasting PDRA sequence value which exceed the PAT. Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence. Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption, identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.
17.
Yu Wang, Yan Cao, Liancheng Zhang, Hongtao Zhang, Roxana Ohriniuc, Guodong Wang, Ruosi Cheng. Computers, Materials & Continua, 2019, 60(3): 1171-1187
Network traffic anomaly detection has gained considerable attention over the years in many areas of great importance. Traditional methods used for detecting anomalies produce quantitative results derived from multi-source information. This makes it difficult for administrators to comprehend and deal with the underlying situations. This study proposes another method to yet determine traffic anomaly (YATA), based on the cloud model. YATA adopts forward and backward cloud transformation algorithms to fuse the quantitative value of acquisitions into the qualitative concept of anomaly degree. This method achieves rapid and direct perspective of network traffic. Experimental results with standard dataset indicate that using the proposed method to detect attacking traffic could meet preferable and expected requirements.
18.
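Accurately identifying the support state of the face guard and determining whether the face guard interferes with the shearer is an important part of achieving safe coal mine production. A face guard anomaly detection method based on an improved YOLOv5s is proposed. A face guard dataset, hb_data2021, was built and the YOLOv5s model was improved. Whether the face guard state is abnormal is determined from the label classification of the detection results of the improved YOLOv5s. To reduce the number of parameters of the YOLOv5s model, MobileNetV3 and the lightweight attention mechanism NAM (normalization-based attention module) replace the backbone feature extraction network. To improve face guard detection precision, the loss function is changed to α-CIoU and knowledge distillation is performed. Experimental results show that after distillation the network's average precision improved by 1.0%, the number of parameters decreased by 33.4%, and inference was accelerated by 34.2%; the face guard anomaly detection method based on the improved YOLOv5s performs well, and deployed on the NVIDIA Jetson Xavier platform it can meet the requirements of real-time video detection. Porting the detection model to the embedded platform of an inspection robot enables face guard anomaly detection and meets the practical needs of the coal mining industry.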