| 一种基于分组抽样的TRW改进算法 |
| |
| 引用本文: | 张海,张健,戴少锋.一种基于分组抽样的TRW改进算法[J].计算机工程与科学,2012,34(9):17-20. |
| |
| 作者姓名: | 张海 张健 戴少锋 |
| |
| 作者单位: | 南方医科大学网络中心,广东广州,510515 |
| |
| 摘 要: | 端口扫描是最常见的网络异常流量,TRW是端口扫描检测中最有代表性的算法之一。在高速网络环境下,网络测量通常采用分组抽样技术。已有的研究表明,分组抽样对原始流的流大小分布有细化和扭曲的作用,使得TRW检测算法随着抽样率的增加,成功检测率和误检率呈现出先增加后减少的趋势。本文提出了一种TRW的改进算法,原理是利用抽样后样本流中包含的TCP协议信息改善分组抽样下的流大小分布估计,从而提高TRW检测算法的有效性。实验证明,新算法与原算法相比,在成功检测率差不多的情况下,误检率明显降低了。
|
| 关 键 词: | 端口扫描 分组抽样 流大小 |
An Improved TRW Algorithm Based on Packet Sampling |
| |
| ZHANG Hai
,
ZHANG Jian
,
DAI Shao-feng.An Improved TRW Algorithm Based on Packet Sampling[J].Computer Engineering & Science,2012,34(9):17-20. |
| |
| Authors: | ZHANG Hai ZHANG Jian DAI Shao-feng |
| |
| Affiliation: | ( Network Centre , Southern Medical University , Guangzhou 510515 , China ) |
| |
| Abstract: | The portscan is most popular anomaly in the network and the TRW is the most representative algorithm for the portscan detection.The packet sampling is currently the majority of packet selection method used by many business demands.Prior work has shown that the packet sampling thins traffic flows and impacts anomaly detection.The success ratio and the false negative ratio of the TRW initially increases for low sampling intervals before dropping off for high sampling intervals as the traffic is increasingly thinned.Based on previous researches , we design an improved TRW using theTCP protocol information in the sampling packet.Experimental results show that using the algorithm the false negative ratio drops off while the success ratio does not change. |
| |
| Keywords: | portscan sampling flow size |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
