应用交互式网络流模型的高速网络异常行为检测与控制

针对网络异常流量的检测与定位问题,提出了一种根据网络流统计量异常变化和不完整网络流来有效识别并定位网络异常流量的方法.该方法建立在交互式网络流模型的基础上,分析了交互式网络流模型下各种网络流的交互特征；为准确实时获取网络异常源,采用中国余数定理,设计了连接度sketch结构中的哈希函数,满足了网络用户信息逆向求解的需要,实现了高速网络中异常网络流特征参数的实时获取；为减缓网络异常行为的扩散速度,提出采用动态软隔离方法实现网络异常行为的控制.真实环境下的实验结果表明,所提方法对于多种类型的网络异常行为具有良好的检测效果,检测的准确率和速率都得到了提高,同时可以准确地定位网络异常源,为有效控制网络异常行为的扩散奠定了基础.

Abnormal Behavior Detection and Control in High Speed Networks Based on Bidirectional Flow

A new method is proposed to effectively identify and locate the abnormal network flows based on the abnormal changes of the flow statistics and the incomplete flows.The method bases on the bidirectional flow model,and analyzes the interactive features of different network flows.A hash function in the structure of the connection degree sketch is designed by using the Chinese remainder theorem,so that the source of the abnormal behaviors can be accurately and timely achieved,and the users’information is obtained from the abnormal flows in the high-speed networks.The dynamic and soft isolation method is used to control the abnormal behaviors and hence to slow down the spread speed of the abnormal behaviors.The experimental results in an actual network show that the proposed method is efficient in improving both the detection accuracy and speed for most kinds of abnormal behaviors.At the same time,the source of the abnormal flow is exactly located,and it is helpful to control the spread of the abnormal behaviors.