
Network traffic anomaly detection method based on multi-scale characteristic

Cited by: 18
Abstract: Most traditional network traffic anomaly detection methods attend only to the fine-grained features of traffic data and make insufficient use of multi-scale feature information, which may lead to low accuracy of anomaly detection results. To address this problem, a network traffic anomaly detection method based on multi-scale features was proposed. The original traffic was divided into sub-sequences with multiple observation spans by using multiple sliding windows of different scales, and the multi-level sequences of each sub-sequence were reconstructed by wavelet transform. Multi-level reconstructed sequences were generated by Chain SAE through feature space mapping, and the classifier at each level made a preliminary judgment of abnormality according to the errors of the reconstructed sequences. A weighted voting strategy was adopted to aggregate the preliminary judgments of each level into the final decision. Experimental results show that the proposed method can effectively mine the multi-scale feature information of network traffic, and that its detection performance on abnormal traffic is clearly improved compared with traditional methods.

Authors: DUAN Xueyuan; FU Yu; WANG Kun; LIU Taotao; LI Bin (Department of Information Security, Naval University of Engineering, Wuhan 430033, China; College of Computer and Information Technology, Xinyang Normal University, Xinyang 464000, China; Henan Key Laboratory of Analysis and Applications of Education Big Data, Xinyang Normal University, Xinyang 464000, China; School of Mathematics and Information Engineering, Xinyang Vocational and Technical College, Xinyang 464000, China)

Source: Journal on Communications (通信学报); indexed in EI, CSCD and the Peking University Core Journals list; 2022, No. 10, pp. 65-76, 12 pages in total.

Funding: Supported by the National Key Research and Development Program of China (No. 2018YFB0804104).

Keywords: network traffic; anomaly detection; multi-scale characteristic; wavelet transformation