| 基于概要数据结构的网络异常检测方法 |
| |
| 引用本文: | 龙门,夏靖波,张子阳.基于概要数据结构的网络异常检测方法[J].计算机应用与软件,2011,28(4). |
| |
| 作者姓名: | 龙门 夏靖波 张子阳 |
| |
| 作者单位: | 1. 空军工程大学电讯工程学院,陕西,西安,710077
2. 空军工程大学工程学院,陕西,西安,710038 |
| |
| 基金项目: | 陕西省自然科学基金项目(2009JM8001-1) |
| |
| 摘 要: | 提出一种基于概要数据结构(sketch)的网络异常检测方法。采用金字塔时间模型对高速网络数据流进行分析,并基于奇异熵提取sketch。统计一定周期内该数据结构的特征值变化趋势,计算出均值和梯度值,以及相应的报警区间。当告警出现时,该方法能分析出现异常的IP地址。实验证明,该方法能有效地对网络进行异常检测。
|
| 关 键 词: | 概要数据结构 金字塔时间模型 奇异熵 异常检测 |
SKETCH DATA STRUCTURE BASED NETWORK ANOMALY DETECTION METHOD |
| |
| Long Men,Xia Jingbo,Zhang Ziyang.SKETCH DATA STRUCTURE BASED NETWORK ANOMALY DETECTION METHOD[J].Computer Applications and Software,2011,28(4). |
| |
| Authors: | Long Men Xia Jingbo Zhang Ziyang |
| |
| Affiliation: | Long Men1 Xia Jingbo1 Zhang Ziyang2 1(School of Telecommunication Engineering,Air Force Engineering University,Xi'an 710077,Shaanxi,China) 2(School of Engineering,Xi'an 710038,China) |
| |
| Abstract: | The article proposes a sketch data structure based network anomaly detection method.It analyzes high speed network data with pyramid time model and extracts sketch by singular entropy,collects the variation trend of data structure eigenvalue during a certain period,calculates its average and gradient values as well as its correspondent alarm scope.When alarm appears,the method can draw out exceptional IP addresses.Experiments prove that the method is effective in network anomaly detection. |
| |
| Keywords: | Sketch data structure Pyramid time model Singular entropy Anomaly detection |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
