| 基于概要数据结构可溯源的异常检测方法 |
| |
| 引用本文: | 罗 娜,李爱平,吴泉源,陆华彪. 基于概要数据结构可溯源的异常检测方法[J]. 软件学报, 2009, 20(10): 2899-2906. DOI: 10.3724/SP.J.1001.2009.03685 |
| |
| 作者姓名: | 罗 娜 李爱平 吴泉源 陆华彪 |
| |
| 作者单位: | 国防科学技术大学,计算机学院,湖南,长沙,410073 |
| |
| 基金项目: | Supported by the National High-Tech Research and Development Plan of China under Grant Nos.2007AA01Z474, 2006AA01Z451, 2007AA010502 (国家高技术研究发展计划(863)) |
| |
| 摘 要: | 提出一种基于sketch概要数据结构的异常检测方法.该方法实时记录网络数据流信息到sketch数据结构,然后每隔一定周期进行异常检测.采用EWMA(exponentially weighted moving average)预测模型预测每一周期的预测值,计算观测值与预测值之间的差异sketch,然后基于差异sketch采用均值均方差模型建立网络流量变化参考.该方法能够检测DDoS、扫描等攻击行为,并能追溯异常的IP地址.通过模拟实验验证,该方法占用很少的计算和存储资源,能够检测骨干网络流量中的异常IP地址.
|
| 关 键 词: | 异常检测 概要数据结构 溯源性 EWMA 均值均方差模型 |
| 收稿时间: | 2008-11-28 |
| 修稿时间: | 2008-12-30 |
Sketch-Based Anomalies Detection with IP Address Traceability |
| |
| LUO N,LI Ai-Ping,WU Quan-Yuan and LU Hua-Biao. Sketch-Based Anomalies Detection with IP Address Traceability[J]. Journal of Software, 2009, 20(10): 2899-2906. DOI: 10.3724/SP.J.1001.2009.03685 |
| |
| Authors: | LUO N LI Ai-Ping WU Quan-Yuan LU Hua-Biao |
| |
| Abstract: | In this paper, an anomaly detection method is proposed based on the summary data structure-sketch. It records the network traffic information in sketch online and detects anomalies at every circle. After using EWMA forecasting model to get each circle's forecast sketch, this paper computes the errors between the recoded sketch and forecast sketch. Then, the network traffic change reference is constructed by establishing the Mean-Standard deviation model on the error sketch. The method is effective in detecting DDOS attack, scan attack and so on. Particularly, it can track the IP address of anomaly. Evaluated by the experiment, this method can detect anomaly in the backbone network with small computing and memory resource. |
| |
| Keywords: | anomaly detection sketch traceability EWMA mean-standard deviation model |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
