基于逻辑回归模型的流量异常检测方法研究

网络流量作为异常检测的基本数据源,其行为特征的准确描述,是网络异常行为实时检测的重要依据.本文针对流量异常检测问题,提出了一种基于逻辑回归模型的网络流量异常检测方法.通过分析源IP、目的 IP等多个网络流量基本特征,构造了网络异常行为和正常行为的训练机,并且在此基础上采用逻辑回归建立起网络异常流量挖掘模型.利用实验室所采集的真实网络流量对所构建的模型进行检测,以验证该模型的有效性.实验结果表明本文所建立的网络模型在异常流量挖掘方面准确度高、实时性好.     

灰理论数列灰预测在CERNET西南网点网络流量预测中的应用

关键网点网络流量预测是网络测量和网络行为研究十分重要的部分.网络流量测量和预测可以获取流量未来走势和分析用户行为变化,可调控目前措施和网络设计,也可解决网络异常状况.文章应用灰理论数列灰预测中GM(1,1,D)模型建立CERNET西南网点电子科大通信学院主网流量时间序列模型,结果表明,该方法是有效可行的.     

基于GPRS的手机网络流量计量技术研究

基于GPRS技术和当前手机网络流量计费原理的现状,提出了基于GPRS的手机网络流量计量标准,给出了满足用户的知情权和证明通信运营服务商流量记录的公平公正性的测量方案,并引入了软计量器具的概念.     

基于小波变换的网络流量在线预测模型

在无抽取Haar小波变换的基础上,结合自适应AR模型和滑动窗口式多项式拟合方法,建立了一种基于小波变换的递推式高速网络流量在线预测模型.该模型首先用无抽取Haar小波变换把网络流量时间序列分解为细节信号和近似信号,然后对细节信号部分使用自适应AR模型预测,对近似信号部分则使用滑动窗口式多项式拟合方法预测,最后用小波重构获得原始时间序列的预测值.该模型不但提高了流量在线预测的准确性,而且通过模型参数的递推式自动调整,避免了参数的定期估计和更新.     

航空发动机低温试验流量参数异常诊断与分析

针对某型航空发动机在低温试验中流量参数异常现象,分析发动机低温条件下工作机理,精准定位燃油泵调节器工作异常是燃油流量参数异常的原因。采用故障树分析方法对燃油泵调节器低温工况下流量异常故障进行逐级分解分析,建立了影响流量的顶事件和10个底事件。通过分析底事件,定位低温下计量活门流通异常是燃油泵调节器流量异常的根本原因。分析了燃油泵调节器计量活门的基本结构,建立基于计量活门的二维和三维仿真模型,通过分析计算仿真模型在不同温度下的大、小流量数据以及对比验证试验数据结果,验证了仿真模型的准确性和有效性。     

基于无线技术的液压油泵测试装置设计

研制了一种基于无线技术的液压油泵测试装置,该装置能够在不拆卸液压设备且不影响液压油泵正常工作的情况下,对液压油泵在正常运行过程中的工作状态进行实时监测,确保液压油泵安全工作.采集的数据可以通过蓝牙传到地面系统,通过对温度、压力、流量等数据的分析处理,画出压力-流量曲线,并于标准曲线相比较,可诊断液压油泵是否出现故障等.     

ANFIDS:基于模糊神经网络的自适应入侵检测系统

在研究和分析现有网络入侵检测技术的基础上,提出了一种基于神经网络和模糊推理技术的自适应入侵检测系统（ANFIDS）。该系统运用模糊理论把安全参数模糊化,使得系统能更好地描述网络流量特性与攻击的关系,从而更精确地捕获攻击行为,同时利用网络流量对隶属度函数和模糊规则进行调整和优化。实验结果表明,训练后的ANFIDS系统能够检测网络的异常行为并有效地减低误报率。     

基于特征加权的朴素贝叶斯流量分类方法研究

研究了被广泛应用于互联网流量分类的朴素贝叶斯分类方法的性能特点,针对此方法在给定类别下给出的所有流量特征同等重要并且是独立的假设在现实中难以满足,致使分类准确率不高的问题,提出一种基于特征加权的朴素贝叶斯流量分类算法。该算法基于NetFlow记录的特征信息,采用特征选择算法ReliefF和相关系数方法计算每个特征的权重值,然后将网络流量分配至后验概率最大的应用类别中。实验结果表明,这种基于特征加权的朴素贝叶斯算法具有超过94%的分类准确率,并且维持了朴素贝叶斯方法简单高效、分类稳定的特性,可以满足当前高带宽网络流量分类的需求。     

网络流量分析与应用

利用Sniffer分析当前校园网中网络流量的类型,对不同流量测量的方法进行介绍和对比,提出网络流量测量的必要性,对进行流量测量时使用的Sniffer及相关实现技术和标准进行探讨。     

高速IP网络流量测量系统的设计与实现

为克服网络带宽提高带来的网络流量测量的困难,在分析传统网络流量测量系统存在的问题的基础上,采用零拷贝分组捕获和裸设备存储(零拷贝存储)等关键技术,设计并实现了一个被动式网络流量测量系统,该系统的测量性能较传统方法有大幅提高,并具有较好的时间精确度,能够满足千兆网络的流量测量需求.     

YATA: Yet Another Proposal for Traffic Analysis and Anomaly Detection

Network traffic anomaly detection has gained considerable attention over the years in many areas of great importance. Traditional methods used for detecting anomalies produce quantitative results derived from multi-source information. This makes it difficult for administrators to comprehend and deal with the underlying situations. This study proposes another method to yet determine traffic anomaly (YATA), based on the cloud model. YATA adopts forward and backward cloud transformation algorithms to fuse the quantitative value of acquisitions into the qualitative concept of anomaly degree. This method achieves rapid and direct perspective of network traffic. Experimental results with standard dataset indicate that using the proposed method to detect attacking traffic could meet preferable and expected requirements.     

网络传输层产生自相似业务的一个原因

网络传输层可以产生自相似性的发现，引发了对网络长相关性流量模型更进一步的研究，文章结合网络流量的研究进展，介绍现有网络传输层产生自相似业务的一个原因。     

Modelling traffic congestion using queuing networks

Traffic studies have been carried out predominantly using simulation models which are both time and capital intensive. In this paper, an analytical model of uninterrupted single-lane traffic is proposed using queuing analysis. Well-known Traffic Flow-Density diagrams are obtained using simple Jackson queuing network analysis. Such simple analytical models can be used to capture the effect of non-homogenous traffic.     

Modelling and control of broad band traffic using multiplicative multifractal cascades

We present the results on the modelling and synthesis of broad-band traffic processes namely ethernet inter-arrival times using the VVGM (variable variance gaussian multiplier) multiplicative multifractal model. This model is shown to be more appropriate for modelling network traffic which possess time varying scaling/self-similarity and burstiness. The model gives a simple and efficient technique to synthesise Ethernet inter-arrival times. The results of the detailed statistical and multifractal analysis performed on the original and the synthesised traces are presented and the performance is compared with other models in the literature, such as the Poisson process, and the Multifractal Wavelet Model (MWM) process. It is also shown empirically that a single server queue preserves the multifractal character of the process by analysing its inter-departure process when fed with the multifractal traces. The result of the existence of a global-scaling exponent for multifractal cascades and its application in queueing theory are discussed. We propose tracking and control algorithms for controlling network congestion with bursty traffic modelled by multifractal cascade processes, characterised by the Holder exponents, the value of which at an interval indicates the burstiness in the traffic at that point. This value has to be estimated and used for the estimation of the congestion and predictive control of the traffic in broadband networks. The estimation can be done by employing wavelet transforms and a Kalman filter based predictor for predicting the burstiness of the traffic.     

The development of traffic and traffic safety in six developed countries.

Two models are presented, describing the development of traffic and traffic safety. Traffic volumes, measured by the total amount of vehicle kilometers per year, are expected to follow a sigmoid saturation curve over time. The logistic function is used to model this development. The fatality rate, the number of fatalities per vehicle kilometer, is chosen to measure safety. The (negative) exponential function is selected to model the fatality rates over time. It is argued that these two aspects of the traffic system are fundamental and that the development of the number of fatalities results by multiplication. Given this assumption, the fall in the number of fatalities, noticed in almost all developed countries after a steady increase until 1970, does not need a special explanation. It follows from the combination of the monotonically increasing traffic volumes and the monotonically decreasing fatality rates. The two parsimonious models fit the data fairly well for six developed countries. The parameters differ substantially between countries, but also show common features. It is found from the parameters of the logistic function, that for all countries the points of maximum increase in traffic volume coincide just after 1970, the moment of the energy crisis. It is concluded from this finding that the energy crisis was caused by the cumulating demands of the oil-consuming countries, resulting in a reaction of the oil-producing countries. From the parameters of the exponential function, it is found that there also is a common point of intersection for fatality rates around 1980. It is shown that the development of safety is directly related to the development of traffic. The ten-year delay is interpreted as the time necessary for planning and implementation of safety measures. Finally, a striking relation is found between the volume parameters and the fatality-rate parameters, suggesting that the number of fatalities is a function of the derivative of the amount of traffic in the mathematical sense.     

基于超车分析的多用户动态最优交通分配模型

基于对道路网络中广泛存在的超车现象的分析,以车辆行驶速度为标准对车辆进行了分类,建立了解决车辆行驶不满足FIFO规则现象的多用户动态最优分配模型,并考虑了不同用户之间存在的不对称影响,建立了多用户路段费用函数,给出了最优条件和等价的变分不等式模型,描述了分类有序的交通流运行行为。该模型的建立有助于交通管理者作出更合理的控制策略。     

Macroscopic models for traffic and traffic safety

This paper describes models for traffic volumes and traffic safety. These models have a very simple mathematical form and consist of time parameters only. The first model assumes that fatality rates follow a negative exponential function. The second model assumes a logistic type of saturation model for traffic volumes. The models are applied to traffic volumes and fatality rates in the Netherlands, the United States, West Germany, and Great Britain. These applications show fairly good results. The agreement between the models and the data shows that linearity of the log-fatality rates and the log-volume rates turn out to be reasonable assumptions. Furthermore, a relation between the two models is suggested from the data that links safety outcomes to developments in traffic volume. From the models, predictions are made for traffic volume, fatality rates, and fatalities in the future on the basis of time parameters only.     

New solution algorithms for asymmetric traffic assignment model

Abstract

The asymmetric traffic assignment model can improve the traditional traffic assignment model by adopting detailed network representation and more realistic asymmetric cost functions. The diagonalization, streamlined diagonalization, and projection methods are three widely mentioned solution algorithms for solving asymmetric traffic assignment models. The diagonalization and streamlined diagonalization methods have the advantage of requiring less computer memory but typically require greater computational time. The projection method has the advantage of converging more rapidly but requires a large computer memory. In order to balance computer memory and computational time, we propose two new algorithms; i.e., hybrid and streamlined hybrid methods. According to our case study, the proposed algorithms show their superiority over the diagonalization and streamlined diagonalization methods in terms of computational time, and over the projection method in terms of computer memory. Both new algorithms can handle small or medium networks sized asymmetric traffic assignment problems on personal computers.