
Computer Engineering

• Security Technology •

Network Traffic Anomaly Detection Based on Cloud Model

FEI Jinlong, WANG Yu, WANG Tianpeng, ZHU Yuefei

  1. (The 4th College, PLA Information Engineering University, Zhengzhou 450001, China)
  • Received: 2016-01-07 Online: 2017-01-15 Published: 2017-01-13
  • About the authors: FEI Jinlong (born 1980), male, lecturer and Ph.D. candidate, main research interest: network information security; WANG Yu, Ph.D.; WANG Tianpeng, Ph.D. candidate; ZHU Yuefei, professor and doctoral supervisor.
  • Supported by:
    National Key Technology R&D Program of China (2012BAH47B01); Open Fund of the Key Laboratory of Information Assurance Technology (KJ-14-105).

Abstract: Uncertain factors such as the complexity and unpredictability of network traffic, together with differences in people's subjective assessments, make network traffic anomaly detection a difficult problem in network security protection. By analyzing, extracting and bounding the range of traffic security features, and by introducing cloud model theory, a cloud-model-based anomalous traffic detection method is proposed that converts between qualitative and quantitative descriptions of anomaly detection. Scale clouds for the abnormal situation are generated from existing traffic samples. For the traffic under test, the forward and backward cloud generation algorithms are used together to obtain assessment clouds for the different anomaly levels, which completes the anomaly decision for the network traffic. Simulation experiments show that the method can effectively detect and assess anomalies in network traffic.

Key words: anomaly detection, security characteristics, cloud model, forward/backward cloud generation algorithm, decision matrix
