
Computer Engineering ›› 2007, Vol. 33 ›› Issue (24): 181-183. doi: 10.3969/j.issn.1000-3428.2007.24.063

• Security Technology •

Large-scale Network Anomaly Detecting Method Based on Multi-feature Similarity

ZHANG Jun, ZHANG Feng-li, LUO Qin, WANG Juan   

  1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-12-20 Published:2007-12-20

Abstract: This paper proposes a similarity-based anomaly detection model for large-scale networks. The model takes multiple traffic-flow features of the network, builds feature sets from them through high-frequency statistics, and computes the similarity between the real-time feature sets and the standard feature sets. When an attack or virus outbreak occurs in a large-scale network, the self-similarity of network traffic is destroyed, so anomalies caused by attacks can be found promptly and accurately by comparison with the normal situation. Experimental results show that this detection model, which combines multiple network features, has a markedly lower false-alarm rate than single-feature detection and is well suited to large-scale networks.

Key words: large-scale network, multi-feature similarity, feature set, anomaly detection
