计算机工程 ›› 2009, Vol. 35 ›› Issue (11): 166-168,.doi: 10.3969/j.issn.1000-3428.2009.11.057

• 安全技术 • 上一篇    下一篇

基于统计的网络性能异常快速检测方法

孙延涛1,2,杨芳南1,2,许松涛3   

  1. (1. 北京交通大学计算机与信息技术学院,北京 100044;2. 高速铁路网络管理教育部工程研究中心,北京 100044; 3. 中国科学院软件研究所多媒体通信和网络工程研究中心,北京 100080)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-06-05 发布日期:2009-06-05

Fast Detection Method for Network Performance Anomaly
Based on Statistics

SUN Yan-tao1,2, YANG Fang-nan1,2, XU Song-tao3   

  1. (1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044; 2. Engineering Research Center of High-speed Railway Network Management, Ministry of Education, Beijing 100044; 3. Multimedia Communication & Network Engineering Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100080)

  • Received:1900-01-01 Revised:1900-01-01 Online:2009-06-05 Published:2009-06-05

摘要: 针对固定阈值适应性差的缺点,提出一种可以根据网络环境和运行状态自动调整阈值的网络性能异常检测方法。与一般的基于统计的方法相比,该方法给出样本空间内性能数据的样本均值和方差的具有无偏估计特性的近似算法,其时间和空间复杂度都达到O(1)。算法根据均值和方差计算出适合的告警阈值,并利用噪声平滑和消除抖动等措施减少漏报和误报问题。算法被应用在社区宽带综合业务网络管理系统中并取得了较好的效果。

关键词: 网络性能管理, 异常检测, 阈值自适应

Abstract: Against the poor adaptability of fixed threshold, a threshold-adaptive Performance Anomaly Detection(PAD) algorithm which can adjust the threshold automatically according to the network environment and operation state is proposed. The method gives an approximate algorithm with unbiased estimation to compute the sample mean and variance of the performance sample space. The algorithm’s time and space complexity reach the degree O(1). The threshold-adaptive PAD can compute a fitting alert threshold by the mean and variance, and measures of noise-smoothing and tremble elimination are used to reduce the problems of fake alarms or missed alarms. The algorithm is applied to the Community Broadband Integrated Services Network Management System(CBIS-NMS) and gets a better result.

Key words: network performance management, anomaly detection, threshold-adaptive

中图分类号: