计算机工程 ›› 2009, Vol. 35 ›› Issue (19): 164-167.doi: 10.3969/j.issn.1000-3428.2009.19.054

• 安全技术 • 上一篇    下一篇

基于自适应阈值的网络流量异常检测算法

曹 敏1,程东年1,张建辉1,吴 曦2   

  1. (1. 国家数字交换系统工程技术研究中心,郑州 450002; 2. 总参第五十八研究所,北京 100091)

  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-10-05 发布日期:2009-10-05

Network Traffic Abnormality Detection Algorithm Based on Self-adaptive Threshold

CAO Min1, CHENG Dong-nian1, ZHANG Jian-hui1, WU Xi2   

  1. (1. National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002; 2. No. 58 Institute, Headquarters of the General Staff, Beijing 100091)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-10-05 Published:2009-10-05

摘要: 网络流量异常检测大多采用固定阈值进行异常判断,无法精确刻画网络异常行为,从而影响检测精度。针对上述问题提出一种自适应阈值异常检测算法,通过刷新机制叠加前一时刻的行为,得出动态的阈值作为判断当前时刻检测点是否异常的准则,通过标准差设定置信区间,以更准确地描述网络状况。仿真实验及比较结果表明该算法能有效提高异常检测精度。

关键词: 自适应, 网络异常, 异常流量检测

Abstract: Most of abnormal traffic detection algorithms use fixed threshold, but these methods cannot describe action of network clearly. This paper presents an self-adaptive threshold residual ratio detection method which introduces the refreshing mechanism. The mechanism mixes action of previous time and gets a dynamic threshold which can act as judge rule. The method also sets an interpose in order to depict network action exactly. The paper does experiment to validate the validity and advance in performance of this method.

Key words: self-adaptive, network abnormality, abnormal traffic detection

中图分类号: