Abstract
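As networks keep growing in size and complexity and information technology services cannot be interrupted, the demand for proactive network management is now considerable, and a method is needed that proactively identifies path selection patterns that may harm normal network operation. To automate management so that potential problems are discovered and prevented, two novel anomaly detection algorithms are proposed and compared, one based on the statistical procedure Principal Component Analysis and one on the Ant Colony Optimization metaheuristic. A principal component analysis of IP data flows is performed, representing the bits, packets and flows transmitted per second, and descriptive flow attributes are extracted, such as source IP address, destination IP address, source TCP/UDP port and destination TCP/UDP port. The signature is compared with actual network traffic using a modification of the dynamic time warping metric in order to identify anomalous events.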
It is remarkable how much proactive network management is in demand nowadays, since networks are growing in size and complexity and Information Technology services cannot be stopped. It is therefore necessary to use an approach which proactively identifies traffic behavior patterns which may harm the network's normal operations. Aiming at automated management to detect and prevent potential problems, we present and compare two novel anomaly detection mechanisms based on the statistical procedure Principal Component Analysis and on Ant Colony Optimization. These methods generate a traffic profile, called Digital Signature of Network Segment using Flow analysis (DSNSF), which is adopted as normal network behavior. Thus, a seven-dimensional analysis of IP flows is performed, allowing the characterization of bits, packets and flows transmitted per second, and the extraction of descriptive flow attributes, like source IP address, destination IP address, source TCP/UDP port and destination TCP/UDP port.
Author
陈嘉宁
Chen Jianing (Fushun Municipal Fire Department, Fushun 113000, China)
Source
《计算机测量与控制》
2018, Issue 5, pp. 188-192 (5 pages)
Computer Measurement & Control
Keywords
anomaly detection
principal component analysis
ant colony optimization
dynamic time warping