Abstract:
Most of abnormal traffic detection algorithms use fixed threshold, but these methods cannot describe action of network clearly. This paper presents an self-adaptive threshold residual ratio detection method which introduces the refreshing mechanism. The mechanism mixes action of previous time and gets a dynamic threshold which can act as judge rule. The method also sets an interpose in order to depict network action exactly. The paper does experiment to validate the validity and advance in performance of this method.
Key words:
self-adaptive,
network abnormality,
abnormal traffic detection
摘要: 网络流量异常检测大多采用固定阈值进行异常判断,无法精确刻画网络异常行为,从而影响检测精度。针对上述问题提出一种自适应阈值异常检测算法,通过刷新机制叠加前一时刻的行为,得出动态的阈值作为判断当前时刻检测点是否异常的准则,通过标准差设定置信区间,以更准确地描述网络状况。仿真实验及比较结果表明该算法能有效提高异常检测精度。
关键词:
自适应,
网络异常,
异常流量检测
CLC Number:
CAO Min; CHENG Dong-nian; ZHANG Jian-hui; WU Xi. Network Traffic Abnormality Detection Algorithm Based on Self-adaptive Threshold[J]. Computer Engineering, 2009, 35(19): 164-167.
曹 敏;程东年;张建辉;吴 曦. 基于自适应阈值的网络流量异常检测算法[J]. 计算机工程, 2009, 35(19): 164-167.