计算机科学 (Computer Science) ›› 2019, Vol. 46 ›› Issue (11A): 464-468.
ZHAO Bo (赵博)¹, ZHANG Hua-feng (张华峰)¹, ZHANG Xun (张驯)², ZHAO Jin-xiong (赵金雄)², SUN Bi-ying (孙碧颖)³, YUAN Hui (袁晖)²
Abstract: To meet the need for detecting security threats in the network systems of new-energy power plants, and to address the poor adaptivity, heavy manual involvement and high false-positive rates of existing network security anomaly detection methods, this paper proposes an adaptive real-time anomaly detection method based on Empirical Mode Decomposition (EMD). The method first characterizes the traffic in the new-energy plant network along multiple feature dimensions to build a traffic feature model; on that basis it applies adaptive empirical mode decomposition, variance computation, Gaussian fitting and threshold determination to the feature indicators, yielding adaptive anomaly detection of the traffic feature indicators and security alerts. The method was compared against a wavelet-transform-based anomaly detection method on a set of typical attack samples; the results show that it identifies unknown traffic anomalies accurately, in real time and adaptively, and outperforms the wavelet-based method in accuracy and false-positive rate.
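As an added illustration of the pipeline the abstract describes (example code written here, not the paper's own implementation), the script below runs a simplified EMD (piecewise-linear envelopes instead of the cubic-spline envelopes of standard EMD) on a constructed packets-per-second series with an injected flood-like burst, computes the per-window variance of the first IMF, fits a Gaussian (mean and standard deviation) to the variances of the training windows, and alerts on windows above μ + kσ. The window width, k, training length, the constructed series and the burst are all assumptions, not values from the paper.

```python
import math, random

def local_extrema(h):  # indices of local maxima / minima of a sequence
    mx = [i for i in range(1, len(h) - 1) if h[i - 1] < h[i] >= h[i + 1]]
    mn = [i for i in range(1, len(h) - 1) if h[i - 1] > h[i] <= h[i + 1]]
    return mx, mn

def envelope(h, idx):  # piecewise-linear envelope through the extrema, held flat to the ends
    pts, vals = [0] + idx + [len(h) - 1], [h[idx[0]]] + [h[i] for i in idx] + [h[idx[-1]]]
    env = [0.0] * len(h)
    for i0, i1, v0, v1 in zip(pts, pts[1:], vals, vals[1:]):
        for i in range(i0, i1 + 1):
            env[i] = v0 + (v1 - v0) * (i - i0) / (i1 - i0)
    return env

def emd(x, max_imfs=3, sift_iters=8):  # simplified EMD: sift out IMFs from fastest to slowest
    imfs, residue = [], list(x)
    for _ in range(max_imfs):
        h = list(residue)
        for _ in range(sift_iters):
            mx, mn = local_extrema(h)
            if len(mx) < 2 or len(mn) < 2:  # too few extrema left: the residue is the trend
                return imfs, residue
            mean = [(u + l) / 2 for u, l in zip(envelope(h, mx), envelope(h, mn))]
            h = [a - m for a, m in zip(h, mean)]  # subtract the local mean envelope
        imfs.append(h)
        residue = [r - a for r, a in zip(residue, h)]
    return imfs, residue

def window_variance(s, w):  # sample variance over consecutive non-overlapping windows
    segs = [s[i:i + w] for i in range(0, len(s) - w + 1, w)]
    return [sum((v - sum(g) / w) ** 2 for v in g) / (w - 1) for g in segs]

def detect(x, train_len=120, w=10, k=4.0):
    # EMD -> per-window variance of IMF1 -> Gaussian fit (mu, sigma) on the training
    # windows -> threshold mu + k*sigma; returns (alerted window start indices, threshold)
    var = window_variance(emd(x)[0][0], w)
    train = var[: train_len // w]
    mu = sum(train) / len(train)
    sigma = (sum((v - mu) ** 2 for v in train) / len(train)) ** 0.5
    thr = mu + k * sigma
    return [i * w for i, v in enumerate(var) if v > thr], thr

def sample_traffic(n=200, burst=(150, 170), seed=7):
    # constructed packets/s series: slow swing + bounded noise, plus a flood-like burst
    # (level shift and large jitter) on [burst[0], burst[1]); assumed, not paper data
    rng = random.Random(seed)
    x = [100 + 10 * math.sin(2 * math.pi * t / 50) + rng.uniform(-5, 5) for t in range(n)]
    for t in range(*burst):
        x[t] += 60 + rng.uniform(-30, 30)
    return x
```

Calling `detect(sample_traffic())` returns the start indices of the alerted windows together with the fitted threshold; because the threshold is fitted on the training windows themselves, none of those windows can exceed it, while the burst windows do.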