| 一种用于异常检测的网络流量抽样方法 |
| |
| 引用本文: | 潘乔,裴昌幸,朱畅华.一种用于异常检测的网络流量抽样方法[J].西安交通大学学报,2008,42(2):175-178. |
| |
| 作者姓名: | 潘乔 裴昌幸 朱畅华 |
| |
| 作者单位: | 西安电子科技大学综合业务网国家重点实验室,710071,西安 |
| |
| 基金项目: | 国家自然科学基金
,
陕西省科技攻关计划 |
| |
| 摘 要: | 为了减小抽样数据对网络异常检测的影响,提出了一种新的可变抽样率的网络流量抽样方法.通过利用哈希模式匹配算法,将到达的数据报文按流标识分类并记录下该报文在流中的位置,然后根据报文所属流的位置顺序减函数来设置不同的报文抽样概率.实验结果表明,所提方法增加了短流报文的抽样概率,解决了由于随机报文抽样方法偏向于长流抽样而导致的网络异常丢弃的问题,从而提高了异常检测的正确性.
|
| 关 键 词: | 网络流量 可变抽样 随机报文 异常检测 网络异常检测 网络流量 抽样方法 Anomaly Detection Method Sampling Traffic 问题 随机 结果 实验 抽样概率 设置 减函数 位置 数据报文 记录 分类 流标识 模式匹配算法 |
| 文章编号: | 0253-987X(2008)02-0175-04 |
| 收稿时间: | 2007-06-27 |
| 修稿时间: | 2007年6月27日 |
Novel Traffic Sampling Method for Anomaly Detection |
| |
| PAN Qiao,PEI Changxing,ZHU Changhua.Novel Traffic Sampling Method for Anomaly Detection[J].Journal of Xi'an Jiaotong University,2008,42(2):175-178. |
| |
| Authors: | PAN Qiao PEI Changxing ZHU Changhua |
| |
| Abstract: | In order to reduce the impact of sampled traffic on network anomaly detecting,a novel method with variable sampling rates in traffic sampling is proposed.By using the hash pattern matching algorithm,the incoming packets are classified by flow's ID and the packet's positions in the flow are recorded.Then,various sampling rates are specified according to the decreasing order function of the flow that the incoming packet belongs to.Experiment results show that the method increases the sampling rates to small flows,and resolves the problem that a great many network anomalies are discarded by the random packet sampling that has a bias towards large flows,and that the accuracy of anomaly detecting is improved. |
| |
| Keywords: | network traffic variable sampling random packet anomaly detecting |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
