
Computer Engineering ›› 2019, Vol. 45 ›› Issue (11): 234-242. doi: 10.19678/j.issn.1000-3428.0052745

• Artificial Intelligence and Recognition Technology •

Analysis of Communication Network Flow Connection Behavior Based on Flow Knowledge Graph

HU Hangyu, ZHAI Xuemeng, HU Guangmin

  1. Key Laboratory of Optical Fiber Sensing and Communications, Ministry of Education, University of Electronic Science and Technology of China, Chengdu 611731, China
  • Received: 2018-09-25 Revised: 2018-11-12 Published: 2018-11-15
  • About the authors: HU Hangyu (born 1988), male, Ph.D. candidate, main research interest: network behavior analysis; ZHAI Xuemeng, Ph.D. candidate; HU Guangmin, professor and doctoral supervisor.
  • Funding: National Natural Science Foundation of China (61471101, 61571094).

Abstract: Graph models have unique advantages in network flow behavior analysis because they can intuitively and completely describe the connection patterns of network flows. However, existing graph model methods have several problems, such as a single graph-construction mode, incomplete information, and insufficient means of analysis. Therefore, borrowing the concept of the knowledge graph, this paper proposes a network flow behavior analysis model based on a flow knowledge graph, namely the network flow connection graph. We first build the basic model of network flow connection relationships by collecting network flow information. We then set the graph node levels and edge weights based on network flow attribute information. On this basis, we use node and edge filtering rules to extract the core connection patterns of network application behavior and reduce the network scale. Finally, we apply complex network feature analysis methods to extract network flow behavior feature parameters. Experimental results show that the network flow connection graph can make full use of the available information in network flow behavior measurement data, accurately characterize the inherent features of network application flow connection relationships, and effectively detect and identify abnormal network behaviors such as DDoS attacks, worm propagation, and port scanning. In addition, the network flow connection graph shows good scalability, making it suitable for a variety of graph mining algorithms.

Key words: network flow behavior analysis, network flow, knowledge graph, feature parameter extraction, anomaly detection

CLC number: