Computer Science ›› 2016, Vol. 43 ›› Issue (3): 163-166. doi: 10.11896/j.issn.1002-137X.2016.03.031

• Information Security •

Interaction Network Traffic Anomaly Detection Method Based on Cusp Catastrophic Model

QIU Wei and YANG Ying-jie

  1. PLA Information Engineering University, Zhengzhou 450001; Henan Key Laboratory of Information Security, Zhengzhou 450001
  • Online: 2018-12-01 Published: 2018-12-01
  • Supported by:
    This work was supported by the National 863 Program of China (2012AA012704), the National 973 Program of China (2011CB311801) and the Zhengzhou Science and Technology Leading Talent Project (131PLJRC644).

Abstract: Existing methods do not consider the nonlinear dynamics of interaction network traffic and cannot effectively distinguish normal interaction service traffic from abnormal attack traffic. To address this, we propose an interaction traffic anomaly detection method based on the cusp catastrophe model. A cusp catastrophe model of normal traffic is established by analyzing and extracting the nonlinear dynamics feature parameters of interaction network traffic. The equilibrium surface of the model is used to describe the behavior of the network traffic system, and the equilibrium surface of normal network traffic behavior is constructed. The degree to which network traffic behavior deviates from the normal equilibrium surface is then taken as the basis for anomaly detection. Experimental results show that the proposed method achieves a relatively high detection rate and a relatively low false alarm rate.

Key words: Cusp catastrophe, Interaction, Traffic anomaly, Nonlinear dynamics, Equilibrium surface

