摘要： 针对以往Hurst指数估算方法在求解精度和实时性上的不足，提出将EBP引入到网络流量自相似特性分析中，对比实验表明EBP对Hurst指数的估算更精确、实时性更高。利用EBP的这一优势将其运用到宏观网络行为的在线实时分析和异常行为的检测中，对林肯实验室宏观网络行为数据的分析表明，正常行为和异常行为的Hurst分布曲线差异明显。与传统匹配方法相比，基于EBP的异常行为检测方法检测效率更高。

关键词: 异常行为检测, 宏观网络流量, 自相似性, EBP方法

Abstract: Because the previous estimation methods lack of accuracy and real-time performance in solving the Hurst index, EBP is introduced to the analysis of network traffic self-similarity. The contrast experiments show that EBP is more accurate and has higher real-time performance than other methods in the Hurst index estimation. Taking these advantages of EBP, it is applied to online, real-time analysis of the macro network and the anomaly behavior detection. The analysis on macro network behavior data of Lincoln laboratory shows that the Hurst distribution curves between normal and abnormal behavior have obvious differences. Compared with the traditional method of matching, anomaly behavior detection method based on EBP is more efficient.

Key words: anomaly behavior detection, macro network traffic, self-similarity, EBP method

中图分类号: 

• TP393.08