计算机科学 ›› 2019, Vol. 46 ›› Issue (8): 178-182.doi: 10.11896/j.issn.1002-137X.2019.08.029

• 信息安全 • 上一篇    下一篇

一种基于小波分析的网络流量异常检测方法

杜臻, 马立鹏, 孙国梓   

  1. (南京邮电大学计算机学院 南京210023)
  • 收稿日期:2018-07-21 出版日期:2019-08-15 发布日期:2019-08-15
  • 通讯作者: 孙国梓(1972-),男,教授,硕士生导师,主要研究方向为计算机取证与区块链,E-mail:sun@njupt.edu.cn
  • 作者简介:杜臻(1994-),女,硕士生,主要研究方向为数据挖掘,E-mail:sun@njupt.edu.cn;马立鹏(1997-),男,主要研究方向为信息安全与数据挖掘

Network Traffic Anomaly Detection Based on Wavelet Analysis

DU Zhen, MA Li-peng, SUN Guo-zi   

  1. (School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China)
  • Received:2018-07-21 Online:2019-08-15 Published:2019-08-15

摘要: 对大量网络流量数据进行高质量特征提取与异常识别是做好网络取证的重要基础。文中重点研究并实现了网络取证中的数据处理并建立了模型库。对一种基于小波分析的网络流量异常检测方法进行了研究,用于检测包含两种不同注入攻击的pcap文件。文中的研究在Windows系统上进行,采用Python语言完成功能代码编写。首先从大量数据中提取需要的训练数据,然后使用小波分析提取特征,最后使用支持向量机进行分类器训练,从而可以利用该分类器识别出包含正常流量和异常流量的混合流量中的异常。定性和定量实验结果表明该方法对两种类型的异常流量实现了较高的分类精度,以期从特征提取和分类分析两个角度为网络取证的完善提供一种途径。

关键词: 分类分析, 特征提取, 网络取证, 小波分析, 异常检测

Abstract: High-quality feature extraction and anomaly detection of large-scale network traffic data is an important basis for network forensics.The key research and implementation of this paper is the data processing and modeling library in network forensics.A method of network traffic anomaly detection based on wavelet analysis was studied to detect pcap files containing two different injection attacks.The study was implemented on the Windows system,and Python language was used to complete the function code.First,the required training data from a large amount of data are extracted,then the features are extracted from trainning data by using wavelet analysis.Finally,the support vector machine is used for classifier training.Thus,two types of anomaly traffic are identified from the mixed traffic containing normal traffic and abnormal traffic.Qualitative and quantitative experimental results show that the method achieves good classification results,and can provide a way for the improvement of network forensics from the two perspectives of feature extraction and classification analysis

Key words: Anomaly detection, Classification analysis, Feature extraction, Network forensics, Wavelet analysis

中图分类号: 

  • TP391
[1]WANG L,QIAN H L.Computer forensics technology and its development trend[J].Journal of Software,2003,14(9):1635-1644.(in Chinese) 王玲,钱华林.计算机取证技术及其发展趋势[J].软件学报,2003,14(9):1635-1644.
[2]HOU H H.Application research of data mining in computer dy- namic forensics technology[J].Digital Technology and Application,2017,14(8):76-77.(in Chinese) 侯欢欢.数据挖掘在计算机动态取证技术中的应用研究[J].数字技术与应用,2017,14(8):76-77.
[3]HU D H,XIA D R,SHI X L,et al.Network forensics technology research[J].Computer Science,2015,23(b10):1-22.(in Chinese) 胡东辉,夏东冉,史昕岭,等.网络取证技术研究[J].计算机科学,2015,23(b10):1-22.
[4]LAMABA H,GLAZIER T J,SCHMERL B,et al.A model-based approach to anomaly detection in software architectures[C]∥Symposium and Bootcamp on the Science of Security,2016:69-71.
[5]ATEFI K,YAHYA S,REZAEI A,et al.Anomaly detection based on profifie signature in network using machine lear-ning technique∥Region 10 Symposium.2016:71-76.
[6]LEITNER M,RINDERLEB M S.Anomaly detection and visua- lization in generative rbac models[C]∥ACM Symposium on Access Control MODELS and Technologies.2014:41-52.
[7]ZHOU Y J.Network traffic anomaly detection based on data mining in time-series graph[J].Computer Science,2009,36(1):46-50.
[8]BARFORD P,KLINE J,PLONKA D.A signal analysis of network traffic anomalies[C]∥Proc.ACM SIGCOMM Internet Measurement Workshop.Marseille,France,2002:71-82.
[9]LUAN K.Robust detection method for network attacks based on wavelet scale decomposition [J].Electronic Technology and Software Engineering,2016,8(4):9.(in Chinese) 栾凯.基于小波尺度分解的网络攻击稳健检测方法[J].电子技术与软件工程,2016,8(4):9.
[10]MA X H,Cao J P,DONG S F.Wavelet analysis and application.Microcomputer Development,2003,56(1/2):231-262.
[11]Al-QAMMAZ A Y,YUSOF Y,AHAMAD F K.An enhanced discrete wavelet packet transform for feature extraction in electroencephalogram signals[C]∥International Conference.2017:88-93.
[12]AHANI S,GHAEMMAGHAMI S Z,WANG Z J.A sparse representation-based wavelet domain speech steganography method[J].IEEE/ACM Transactions on Audio Speech & Language Processing,2015,23(1):80-91.
[13]ALI S,HUNG C C.An empirical study on feature extraction for the classification of textural and natural images[C]∥International Conference on Research in Adaptive and Convergent Systems.2016:51-55.
[14]ALNASHASH H A,PAUL J S,THAKOR N V.Wavelet entropy method for EEG analysis:application to global brain injury[C]∥International IEEE Embs Conference on Neural Engineering.2016:348-351.
[15]MA X H,CAO J P,DONG S F.Wavelet analysis and application[J].Microcomputer Development,2003,56(1/2):231-262.
[16]WEI L,GNORBANI A A.Network anomaly detection based onwavelet analysis[J].Eurasip Journal on Advances in Signal Processing,2009,1(2003):1-16.
[17]CHEN Z,CHAI K Y,BU S L,et al.A novel anomaly detection system using feature-based MSPCA with sketch[C]∥Wireless and Optical Communication Conference.IEEE,2017:1-6.
[18]SALAGEAN M.Real network traffic anomaly detection based on analytical discrete wavelet transform[C]∥International Conference on Optimization of Electrical and Electronic Equipment.2010:926-931.
[1] 徐天慧, 郭强, 张彩明.
基于全变分比分隔距离的时序数据异常检测
Time Series Data Anomaly Detection Based on Total Variation Ratio Separation Distance
计算机科学, 2022, 49(9): 101-110. https://doi.org/10.11896/jsjkx.210600174
[2] 李其烨, 邢红杰.
基于最大相关熵的KPCA异常检测方法
KPCA Based Novelty Detection Method Using Maximum Correntropy Criterion
计算机科学, 2022, 49(8): 267-272. https://doi.org/10.11896/jsjkx.210700175
[3] 王馨彤, 王璇, 孙知信.
基于多尺度记忆残差网络的网络流量异常检测模型
Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network
计算机科学, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011
[4] 张源, 康乐, 宫朝辉, 张志鸿.
基于Bi-LSTM的期货市场关联交易行为检测方法
Related Transaction Behavior Detection in Futures Market Based on Bi-LSTM
计算机科学, 2022, 49(7): 31-39. https://doi.org/10.11896/jsjkx.210400304
[5] 曾志贤, 曹建军, 翁年凤, 蒋国权, 徐滨.
基于注意力机制的细粒度语义关联视频-文本跨模态实体分辨
Fine-grained Semantic Association Video-Text Cross-modal Entity Resolution Based on Attention Mechanism
计算机科学, 2022, 49(7): 106-112. https://doi.org/10.11896/jsjkx.210500224
[6] 程成, 降爱莲.
基于多路径特征提取的实时语义分割方法
Real-time Semantic Segmentation Method Based on Multi-path Feature Extraction
计算机科学, 2022, 49(7): 120-126. https://doi.org/10.11896/jsjkx.210500157
[7] 杜航原, 李铎, 王文剑.
一种面向电商网络的异常用户检测方法
Method for Abnormal Users Detection Oriented to E-commerce Network
计算机科学, 2022, 49(7): 170-178. https://doi.org/10.11896/jsjkx.210600092
[8] 刘伟业, 鲁慧民, 李玉鹏, 马宁.
指静脉识别技术研究综述
Survey on Finger Vein Recognition Research
计算机科学, 2022, 49(6A): 1-11. https://doi.org/10.11896/jsjkx.210400056
[9] 高元浩, 罗晓清, 张战成.
基于特征分离的红外与可见光图像融合算法
Infrared and Visible Image Fusion Based on Feature Separation
计算机科学, 2022, 49(5): 58-63. https://doi.org/10.11896/jsjkx.210200148
[10] 武玉坤, 李伟, 倪敏雅, 许志骋.
单类支持向量机融合深度自编码器的异常检测模型
Anomaly Detection Model Based on One-class Support Vector Machine Fused Deep Auto-encoder
计算机科学, 2022, 49(3): 144-151. https://doi.org/10.11896/jsjkx.210100142
[11] 左杰格, 柳晓鸣, 蔡兵.
基于图像分块与特征融合的户外图像天气识别
Outdoor Image Weather Recognition Based on Image Blocks and Feature Fusion
计算机科学, 2022, 49(3): 197-203. https://doi.org/10.11896/jsjkx.201200263
[12] 冷佳旭, 谭明圮, 胡波, 高新波.
基于隐式视角转换的视频异常检测
Video Anomaly Detection Based on Implicit View Transformation
计算机科学, 2022, 49(2): 142-148. https://doi.org/10.11896/jsjkx.210900266
[13] 任首朋, 李劲, 王静茹, 岳昆.
基于集成回归决策树的lncRNA-疾病关联预测方法
Ensemble Regression Decision Trees-based lncRNA-disease Association Prediction
计算机科学, 2022, 49(2): 265-271. https://doi.org/10.11896/jsjkx.201100132
[14] 刘意, 毛莺池, 程杨堃, 高建, 王龙宝.
基于邻域一致性的异常检测序列集成方法
Locality and Consistency Based Sequential Ensemble Method for Outlier Detection
计算机科学, 2022, 49(1): 146-152. https://doi.org/10.11896/jsjkx.201000156
[15] 张叶, 李志华, 王长杰.
基于核密度估计的轻量级物联网异常流量检测方法
Kernel Density Estimation-based Lightweight IoT Anomaly Traffic Detection Method
计算机科学, 2021, 48(9): 337-344. https://doi.org/10.11896/jsjkx.200600108
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!