| 基于统计方法的骨干网异常流量建模与预警方法研究 |
| |
| 引用本文: | 顾荣杰,晏蒲柳,邹涛.基于统计方法的骨干网异常流量建模与预警方法研究[J].计算机科学,2006,33(2):92-96. |
| |
| 作者姓名: | 顾荣杰 晏蒲柳 邹涛 |
| |
| 作者单位: | 武汉大学电子信息学院,武汉,430072;北京系统工程研究所,北京,100101 |
| |
| 摘 要: | 近几年来,Internet上频繁发生的蠕虫爆发和大规模分布式拒绝服务事件使网络服务的安全性面临严重的威胁。本文介绍了一个基于异常流量检测的Internet骨干网流量早期预警系统ESTAB(Early-warning System of Traffic Anomaly Based)。它基于Internet骨干网异常流量发现原理,通过对端口、长度分布、TCP标志等直接变量(Direct Variable)的监测,并结合统计学中的时间序列分析方法,实时分析发现流量异常,并提出告警。文中提出了多种事件联合监测的概念,从流量监测角度有效地对付已知流量威胁(如已知蠕虫),并对未知流量威胁提供了相应的监测策略。
|
| 关 键 词: | 流量异常检测 Internet骨干网 时间序列分析 预测 预警 滑动时间窗 |
The Backbone Network Traffic Modeling and Anomalous Forecasting Approach Research Based on Statistic Method |
| |
| GU Rong-Jie,YAN Pu-Liu,ZOU Tao.The Backbone Network Traffic Modeling and Anomalous Forecasting Approach Research Based on Statistic Method[J].Computer Science,2006,33(2):92-96. |
| |
| Authors: | GU Rong-Jie YAN Pu-Liu ZOU Tao |
| |
| Affiliation: | 1,School of Electronic Information, Wuhan University, Wuhan 430072;2,Beijing Institute of System Engineering, Beijing 100101 |
| |
| Abstract: | Worm and Dos,DDos attacks take frequently place more and more nowadays,h makes the internet security facing serious threat.This paper introduced the algorithm and design of ESTABD,an internet backbone Early-Bird System of Traffic Anomaly Detection Based.ESTABD analyzes real-time traffic to discover the abrupt traffic anoma lous and generate warnings.A traffic anomaly detection algorithm based on Statistic Prediction theory is put forward and the algorithm has been tested on real network data.Further more,Alerts correlation algorithm and system policy are addressed in this paper to detect the known worms& DOs attacks and potentially unknown threats. |
| |
| Keywords: | Traffic anomaly detection Internet backbone Forecasting Time serial analysis Early warning Slip window |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
