Computer Engineering ›› 2017, Vol. 43 ›› Issue (12): 73-77. doi: 10.3969/j.issn.1000-3428.2017.12.014

• Mobile Internet and Communication Technology •

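  • About the authors: LI Yizhang (born 1983), male, engineer, M.S., main research interests: big data mining and computer vision; WANG Xian, engineer, M.S.; DUAN Ping, associate professor; LIU Xiaoya, lecturer, M.S.; CHEN Yang, master's student; CHEN Jiazhong, associate professor, Ph.D.
  • Funding:
    China Mobile Communications Group Hubei Co., Ltd. TD-SCDMA Joint Innovation Laboratory project "Research on Operation and Maintenance Methods for the Packet-Domain Core Network Based on Big-Data Traffic Modeling" (HBMC-3510-JS-JSZX-2015-1197).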

Abnormal Traffic Detection Based on Historical and Current Short-term Features

LI Yizhang 1, WANG Xian 1, DUAN Ping 2, LIU Xiaoya 3, CHEN Yang 4, CHEN Jiazhong 4

  1. (1. China Mobile Communications Group Hubei Co., Ltd., Wuhan 430023, China; 2. Department of Information Engineering, Hubei Urban Construction Vocational and Technological College, Wuhan 430205, China; 3. Xinyang Vocational and Technological College, Xinyang, Henan 464000, China; 4. School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China)
  • Received: 2016-09-07 Online: 2017-12-15 Published: 2017-12-15


Abstract: To locate fault points in the core network of mobile operators, previous methods require too many data samples and therefore need a long time to find the fault points. To address this problem, this paper proposes an abnormal traffic detection method that uses historical data as a reference. It establishes a database of historical traffic data. On this basis, it uses short-term area and gradient features to describe the traffic behavior of the network, so as to detect abnormal traffic in time. It also proposes a hierarchical, multi-granularity method to find the fault points that lead to the abnormal traffic. Experimental results demonstrate that, compared with the adaptive threshold method, the K-means clustering method and the multidimensional entropy method, the proposed method not only performs better in online abnormal traffic detection, but also locates the devices and ports that have faults and abnormal traffic more accurately.

Key words: network traffic, historical feature, abnormal traffic detection, traffic behavior, short-term feature
