| 自适应滤波实时网络流量异常检测方法 |
| |
| 引用本文: | 颜若愚,郑庆华,牛国林.自适应滤波实时网络流量异常检测方法[J].西安交通大学学报,2009,43(12). |
| |
| 作者姓名: | 颜若愚 郑庆华 牛国林 |
| |
| 作者单位: | 1. 西安交通大学电子与信息工程学院,710049,西安;广东海洋大学信息学院,524088,广东湛江
2. 西安交通大学电子与信息工程学院,710049,西安 |
| |
| 基金项目: | 国家自然科学基金资助项目,国家高技术研究发展计划资助项目 |
| |
| 摘 要: | 针对网络中的各种常见攻击,提出一种基于自适应滤波的网络流量异常检测方法.首先对多种流量指标进行递推最小二乘法预测,然后以预测误差所构造的统计量容许范围进行异常检测,最后对检测结果实施归一化评估.该方法具有无需任何历史训练数据、能大量减少报警次数、突出报警严重程度的特点.在DARPA入侵检测评估数据集上的实验表明,所提方法更适合检测拒绝服务攻击引起的异常,较之相同权向量下的同类方法,其异常检测率、误报率和检测速度等性能更好.
|
| 关 键 词: | 网络流量 递归最小二乘法 拒绝服务攻击 异常检测 |
On-Line Anomaly Detection Method for Network Traffic Based on Adaptive Filtering |
| |
| YAN Ruoyu,ZHENG Qinghua,NIU Guolin.On-Line Anomaly Detection Method for Network Traffic Based on Adaptive Filtering[J].Journal of Xi'an Jiaotong University,2009,43(12). |
| |
| Authors: | YAN Ruoyu ZHENG Qinghua NIU Guolin |
| |
| Abstract: | A network traffic anomaly detection method based on adaptive filter is proposed to de-tect all kinds of network traffic attacks.Multiple network traffic indicators are predicted by re-cursive least square and the allowable statistical range based on the prediction errors are used to detect anomaly.Detection results are finally normalized.The method has the following traits:no training from any historical data,reducing the number of alarms,remarkably,and highlighting the severity of alarms.Testing results on DARPA intrusion detection data sets show that the proposed method is more suitable to detect denial of service attacks,and has a higher detection rate,faster speed and lower alarm rate than similar existing methods with same dimension of weight vectors. |
| |
| Keywords: | network traffic recursive least square denial of service attack anomaly detection |
| 本文献已被 万方数据 等数据库收录! |
|
