
Computer Engineering ›› 2019, Vol. 45 ›› Issue (4): 108-113, 118. doi: 10.19678/j.issn.1000-3428.0050452

• Security Technology •

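Adaptive Threshold Network Traffic Anomaly Detection Based on KL Distance

JIANG Hua, ZHANG Hongfu, LUO Yidi, WANG Xin

  1. College of Computer and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004
  • Received: 2018-02-07 Online: 2019-04-15 Published: 2019-04-15
  • About the authors: JIANG Hua (b. 1963), male, professor, Ph.D., main research interests: information security and database systems; ZHANG Hongfu (corresponding author) and LUO Yidi, M.S.; WANG Xin, associate professor, M.S.
  • Supported by: Guangxi Colleges and Universities Young and Middle-aged Teachers' Basic Ability Improvement Project (KY2016YB150); Guilin University of Electronic Technology Graduate Education Innovation Program (2017Y JCX48); Guangxi Key Laboratory of Trusted Software Fund (kx201724).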

Adaptive Threshold Network Traffic Anomaly Detection Based on KL Distance

JIANG Hua, ZHANG Hongfu, LUO Yidi, WANG Xin

  1. College of Computer and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China
  • Received: 2018-02-07 Online: 2019-04-15 Published: 2019-04-15

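Abstract:

Existing network traffic anomaly detection methods have low detection accuracy and adapt poorly to dynamic changes in the network environment. To address this, an adaptive-threshold network traffic anomaly detection method is proposed, based on the strong correlation of network traffic across adjacent time periods. A sliding window controls the number of KL distance values, an exponentially weighted moving average model is built to obtain the predicted KL distance at the next moment, and the KL distance subsequence delimited by the sliding window is used together with the predicted value to determine the adaptive threshold range. Network traffic anomalies are detected by checking whether the observed value lies within the adaptive threshold range. Experimental results show that the method effectively detects network traffic anomalies and achieves high detection accuracy.

Key words: network traffic, anomaly detection, adaptive threshold, KL distance, exponentially weighted moving average model, sliding window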

Abstract:

To address the low detection accuracy of existing network traffic anomaly detection methods and their poor adaptability to dynamic changes in the network environment, an adaptive-threshold network traffic anomaly detection method is proposed, based on the strong correlation of network traffic across adjacent time periods. A sliding window controls the number of KL distance values, an Exponentially Weighted Moving Average (EWMA) model yields the predicted KL distance at the next moment, and the KL distance subsequence delimited by the sliding window, together with the predicted value, determines the adaptive threshold range. Network traffic anomalies are detected by checking whether the observed value falls within the adaptive threshold range. Experimental results show that the method can effectively detect network traffic anomalies and has high detection accuracy.

Key words: network traffic, anomaly detection, adaptive threshold, KL distance, Exponentially Weighted Moving Average(EWMA) model, sliding window
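
The pipeline the abstract outlines (KL distance between adjacent periods, a sliding window, an EWMA forecast, an adaptive band) can be sketched as follows; this is an added example, not the paper's code. The abstract gives no formulas, so the band rule (forecast ± k × windowed standard deviation, with a floor), the parameters `window`, `alpha`, `k`, `floor`, and the destination-port histogram used as the traffic feature are all assumptions.

```python
import math
from collections import Counter, deque

def kl_distance(p_counts, q_counts, eps=1e-9):
    """KL(P||Q) over the union of bins; eps smoothing keeps every bin non-zero."""
    keys = set(p_counts) | set(q_counts)
    p_tot = sum(p_counts.values()) + eps * len(keys)
    q_tot = sum(q_counts.values()) + eps * len(keys)
    total = 0.0
    for key in keys:
        p = (p_counts.get(key, 0) + eps) / p_tot
        q = (q_counts.get(key, 0) + eps) / q_tot
        total += p * math.log(p / q)
    return total

def detect(periods, window=5, alpha=0.3, k=3.0, floor=0.01):
    """Return indices of periods whose KL distance to the previous period
    leaves the band [prediction - width, prediction + width]."""
    history = deque(maxlen=window)  # sliding window of recent KL values
    prediction = None               # EWMA forecast of the next KL value
    alerts = []
    for i in range(1, len(periods)):
        d = kl_distance(Counter(periods[i]), Counter(periods[i - 1]))
        if len(history) == window:
            mean = sum(history) / window
            std = math.sqrt(sum((x - mean) ** 2 for x in history) / window)
            width = k * max(std, floor)  # assumed rule; floor avoids a zero-width band
            if abs(d - prediction) > width:
                alerts.append(i)
                continue  # keep anomalous values out of the baseline
        prediction = d if prediction is None else alpha * d + (1 - alpha) * prediction
        history.append(d)
    return alerts

# Constructed sample: destination ports seen in 12 consecutive periods.
def normal_period(i):
    return [80] * (50 + i % 3) + [443] * (40 - i % 2) + [53] * 10

PERIODS = [normal_period(i) for i in range(12)]
PERIODS[9] = [80] * 10 + [443] * 5 + list(range(1000, 1085))  # constructed anomaly

if __name__ == "__main__":
    print(detect(PERIODS))  # period 9 (onset) and period 10 (return to normal)
```

Because the KL distance is taken between adjacent periods, a single abnormal period raises two alerts: one when the distribution shifts and one when it shifts back.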

CLC number: