| 基于信息熵理论的教育网异常流量发现* |
| |
| 引用本文: | 陈锶奇,王娟.基于信息熵理论的教育网异常流量发现*[J].计算机应用研究,2010,27(4):1434-1436. |
| |
| 作者姓名: | 陈锶奇 王娟 |
| |
| 作者单位: | 电子科技大学,计算机科学与工程学院,成都,611731 |
| |
| 基金项目: | 国家“242”信息安全计划资助项目(2006C27) |
| |
| 摘 要: | 为提高异常流量发现的效率,解决传统流量分析方法效率较低、异常检测能力弱的问题,对骨干路由器的netflow流数据采用基于多个信息熵的联合指标并结合基于滑动窗口的熵流突发检测算法来实现网络异常的发现;并利用各指标熵值的相关度分析将指标分类,根据已知的异常类型对每一类指标的异常检测范围作出总结。通过实验成功剔除了冗余度高的指标,将网络异常流量分为了能准确地被联合指标识别出的四种类型。实验证明,该异常检测方案实用性强,较传统的流量分析方法在异常类型的判断上更加准确和有效。
|
| 关 键 词: | 信息熵 基于移动窗口的熵流突发检测算法 netflow 网络异常发现 相关度分析 |
Entropy-based anomaly detection method for education network |
| |
| CHEN Si-qi,WANG Juan.Entropy-based anomaly detection method for education network[J].Application Research of Computers,2010,27(4):1434-1436. |
| |
| Authors: | CHEN Si-qi WANG Juan |
| |
| Affiliation: | (School of Computer Science & Engineering, University of Electronic Science & Technology of China, Chengdu 611731, China) |
| |
| Abstract: | To solve the problems of low efficiency and weak detecting ability in limited anomaly types of traditional network traffic detection method, this paper gave a new method that used seven indices to mine the netflow data from routers on the backstone network with applying the slipping window-based algorithm for detecting the bursts of the entropy stream in order to discover anomalies. In the meantime, presented correlativity of these entropy indices, according to it, sorted these entropy indices into four classes which had the extremely similary detection range. The experiment results illustrate that compared to the traditional traffic, this new method is more useful and accurate. |
| |
| Keywords: | information entropy the slipping window-based algorithm for detecting the bursts of the entropy stream netflow anomaly detection correlativity analysis |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
