摘要
针对实际网络异常检测要求高检测率、低误报率的问题,提出了一种基于多维时间序列的检测方法。首先,通过对实际网络流量进行长期观测,提取多维特征对网络流量进行描述;然后,利用时间序列分析方法对多维特征进行预测,计算预测值与真实值的时间序列偏离度,并且实时更新偏离度,适应多变的网络环境;最后,利用支持向量机(SVM)算法对偏离度向量进行分类判别,判断是否发生异常。目前该方法已应用于校园网关键服务器的实时监测与防护工作中,实际服务器流量的预测、告警结果表明,该方法可以有效检测网络中的异常流量。
The anomaly detection of network traffic in practice requires both high detection rate and low false alarm rate. To address this problem, a detection approach based on multidimensional time series analysis was proposed. Firstly, the network traffic was observed in a long time, and multiple network features were chosen for building the network behavior model. Subsequently, multiple features were pre- dicted by the method of time series analysis. Then the degree of deviation between the predict value and the real value was calculated and updated. Finally, the state of whether the network flow is normal was determined by using support vector machine to classify the degree of deviation in time series. This method has been applied to real-time monitoring and protection on a campus key server. The results showed that it can detect anomalies effectively in network traffic.
出处
《工程科学与技术》
EI
CAS
CSCD
北大核心
2017年第1期144-150,共7页
Advanced Engineering Sciences
基金
国家自然科学基金资助项目(61272447)
关键词
异常检测
时间序列
网络流量
多维特征
网络安全
anomaly detection
time series
network traffic
multiple features
network security
作者简介
陈兴蜀(1968-),女,教授,博士生导师,博士.研究方向:云计算;信息安全;计算机网络.E-mail:chenxsh@scu.edu.cn
通信联系人E-mail:zengxm@scu.edu.cn
