摘要
网络流量异常检测要解决的核心问题之一是获得信息的全面性和流量信息描述的准确性。针对现有网络异常流量检测方法分析多时间序列的不足,提出了一种基于图挖掘的流量异常检测方法。该方法使用时间序列图准确、全面地描述用于流量异常检测的多时间序列的相互关系;通过对项集模式进行支持度计数,挖掘各种频繁项集模式,有利于对各种异常流量的有效检测;通过挖掘各项集之间的关系,引入了项集的权重系数,解决了流量异常检测的多时间序列相互关系的量化问题。仿真结果表明,该方法能有效地检测出网络流量异常,并且对DDos攻击的检测效果明显优于基于连续小波变换的检测方法。
Comprehensive collection and accurate description of traffic information are core problems in network traffic anomaly detection. Aiming at the lack of traffic anomaly detection in analyzing multi time series,we proposed a network traffic anomaly detection method based on graph mining. Our method accurately and completely described the relationship among nulti-time series which are used in traffic anomaly detection by time-series graph. By mean of the support count of the patterns, our method mined all the frequent patterns, which is conducive to detecting many kinds of abnormal traffic effectively, through mining the relationship among all pattern sets, our method introduced weight coefficients of the pattern sets, which is able to solve relationship quantification issues of multi-time series in traffic anomaly detection. The simulation results show that the proposed method can effectively detect the network traffic anomaly and achieves a higher accuracy than the based CWT (Continuous Wavelet Transform) method in term of DDos attacks detection.
出处
《计算机科学》
CSCD
北大核心
2009年第1期46-50,共5页
Computer Science
基金
国家自然科学基金(60572092)
教育部"新世纪优秀人才支持计划"(NCET-07-0148)资助
关键词
网络流量异常检测
多时间序列
图挖掘
Network traffic anomaly detection,Multi time series,Graph mining
