| 基于直方图聚类的网络流量异常检测技术研究 |
| |
| 引用本文: | 李强,严承华.基于直方图聚类的网络流量异常检测技术研究[J].信息网络安全,2012(1):40-42,57. |
| |
| 作者姓名: | 李强 严承华 |
| |
| 作者单位: | 海军工程大学电子工程学院,湖北武汉430033 |
| |
| 基金项目: | 全军军事学研究生课题[2010JY0698-403]; 湖北省自然科学基金[2010CDB01501] |
| |
| 摘 要: | 基于流量特征的异常检测技术主要是通过网络流量特征属性分布规律映射网络异常行为。为提高检测准确率,降低误报率,文章提出了基于流量特征直方图聚类的异常检测和分类的技术。通过直方图的方法详细描述网段流量特征的时空信息,然后聚类分析各种属性特征的正常模型,最后根据待测流量特征属性与正常模型之间的距离所组成的向量来衡量异常。基于DARPA99数据集的实验表明,该算法具有较高的异常检测和分类准确性。
|
| 关 键 词: | 网络异常检测 流量分布特征 特征直方图 层次聚类 |
Research of Network Traffic Anomaly Detection Technique Based on Histogram Clustering |
| |
| LI Qiang,YAN Cheng-hua.Research of Network Traffic Anomaly Detection Technique Based on Histogram Clustering[J].Netinfo Security,2012(1):40-42,57. |
| |
| Authors: | LI Qiang YAN Cheng-hua |
| |
| Affiliation: | (School of Electronic Engineering,Naval University of Engineering,Wuhan Hubei 430033,China) |
| |
| Abstract: | Feature-based anomaly detection technique describes the network anomaly by the distribution of traffic feature.To improve the accuracy and reduce false-positive,this paper proposed method based on clustering of traffic feature histograms technique.Histogram is used to describe the detailed information of spatio-temporal traffic feature,and then establish normal model according to cluster technique,at last based on the vector which composed of distance between traffic feature and normal model.Experiment on DARPA 99 data-set shows,this kind of method get high detection and classification accuracy. |
| |
| Keywords: | network anomaly detection feature of network traffic histogram of traffic feature hierarchical clustering |
| 本文献已被 CNKI 维普 等数据库收录! |
|
