Computer Engineering, 2012, Vol. 38, Issue (23): 131-136. doi: 10.3969/j.issn.1000-3428.2012.23.032

• Security Technology •

Network Traffic Anomaly Classification Algorithm Based on Hierarchical Clustering

XU Qian, CHENG Dong-nian

  1. (National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China)
  • Received: 2012-03-05 Online: 2012-12-05 Published: 2012-12-03
  • About the authors: XU Qian (born 1987), female, master's student, main research interest: network security; CHENG Dong-nian, professor
  • Funding:
    National "863" Program (2009AA01A346); National Science and Technology Support Program (2011BAH19B01)

Abstract: Most existing techniques for root cause analysis of anomalous traffic require manual intervention and classify anomaly events poorly. This paper therefore proposes a traffic anomaly classification algorithm based on hierarchical clustering, TAC-HC (Traffic Anomaly Classification based on Hierarchical Clustering). It builds a classification tree step by step through a training process on feature attributes, embeds similar anomalies in the same subtree, and classifies new anomalies without knowing the number of clusters in the data set. Simulation results show that the TAC-HC algorithm reaches an average classification accuracy of 89%, and a classification precision of 95.3% for low-volume anomaly events such as network scans.

Key words: traffic feature, attribute vector, network anomaly event, hierarchical clustering, anomaly classification algorithm
