面向蓄意攻击的网络异常检测方法

doi:10.12068/j.issn.1005-3026.2020.10.002

东北大学学报:自然科学版 ›› 2020, Vol. 41 ›› Issue (10): 1376-1381.DOI: 10.12068/j.issn.1005-3026.2020.10.002

面向蓄意攻击的网络异常检测方法

赵海¹，郑春阳^1,2，王进法²，司帅宗²

(1. 东北大学计算机科学与工程学院，辽宁沈阳110169； 2. 中国科学院信息工程研究所/物联网安全北京市重点实验室，北京100093)

收稿日期:2019-07-18 修回日期:2019-07-18 出版日期:2020-10-15 发布日期:2020-10-20
通讯作者: 赵海
作者简介:赵海(1959-)，男，辽宁沈阳人，东北大学教授，博士生导师.
基金资助:
中央高校基本科研业务费专项资金资助项目(2020GFZD014).

Network Anomaly Detection Method for Intentional Attack

ZHAO Hai¹， ZHENG Chun-yang^1,2， WANG Jin-fa²， SI Shuai-zong²

1. School of Computer Science & Engineering，Northeastern University，Shenyang 110169，China; 2. Beijing Key Laboratory of IoT Information Security Technology/Institute of Information Engineering， CAS， Beijing 100093， China.

Received:2019-07-18 Revised:2019-07-18 Online:2020-10-15 Published:2020-10-20
Contact: ZHENG Chun-yang
About author:-
Supported by:
-

摘要/Abstract

摘要： 针对复杂网络受蓄意攻击频繁，而现有的检测方法大多忽略全局拓扑突变特征的问题.从网络全局拓扑的异常演化特征出发，提出网络路径相对变化系数(network path change coefficient，NPCC)r，量化节点间传输路径的变化.由斐波那契数列衍生出斐波那契演化域，用于区分正常和异常演化.将r作为核心度量参量，构建斐波那契演化域，形成网络异常检测方法，实现对异常的判定.结果表明，该检测方法的平均准确率为90%以上，高于最大公共子图(maximum common subgraph，MCS)及图编辑距离(graph edit distance，GED)的准确率，证明了所提检测方法的有效性.

关键词: 网络异常检测, 斐波那契演化域, 路径变化系数, 蓄意攻击, 网络科学

Abstract: The anomaly triggered by intentional attack in complex networks is common but most existing detection methods ignore the global topology mutation feature. To solve this problem， based on the abnormal evolution characteristics of the global network topology， a network path change coefficient (r) was proposed to quantify the change of the transmission path between nodes. The Fibonacci evolution region was derived from the Fibonacci sequence to distinguish normal and abnormal evolution. r was used as the core measurement parameter to construct the Fibonacci evolution region， form a network anomaly detection method， and realize the determination of anomalies. The results showed that the average accuracy of the detection method is more than 90%， which is higher than the accuracies of MCS (maximum common subgraph) and GED (graph edit distance)， which proves the effectiveness of the proposed detection method.

Key words: network anomaly detection, Fibonacci evolution region, path change coefficient (r), intentional attack, network science

中图分类号:

TP393

赵海，郑春阳，王进法，司帅宗. 面向蓄意攻击的网络异常检测方法[J]. 东北大学学报:自然科学版, 2020, 41(10): 1376-1381.

ZHAO Hai， ZHENG Chun-yang， WANG Jin-fa， SI Shuai-zong. Network Anomaly Detection Method for Intentional Attack[J]. Journal of Northeastern University Natural Science, 2020, 41(10): 1376-1381.

参考文献

[1]Ishibashi K，Kondoh T，Harada S，et al.Detecting anomalous traffic using communication graphs［C］//Telecommunications:The Infrastructure for the 21st Century.Vienna，2010:1-7.
[2]Koutra D，Papalexakis E E，Faloutsos C.TensorSplat:spotting latent anomalies in time［C］//Proceedings of the 2012 16th Panhellenic Conference on Informatics.Washington:IEEE Computer Society，2012:144-149.
[3]Papalexakis E E，Faloutsos C，Sidiropoulos N D.ParCube:sparse parallelizable tensor decompositions［C］//European Conference on Machine Learning & Knowledge Discovery in Databases.Berlin:Springer-Verlag，2012:521-536.
[4]Heard N A，Weston D J，Platanioti K，et al.Bayesian anomaly detection methods for social networks［J］.The Annals of Applied Statistics，2010，4(2):645-662.
[5]Peel L，Clauset A.Detecting change points in the large-scale structure of evolving networks［C］//AAAI'15:Proceedings of the Twenty-Ninth AAAI Conference on Artificial Intelligence.Palo Alto:AAAI，2015:2914-2920.
[6]Akoglu L，Tong H，Koutra D.Graph based anomaly detection and description:a survey［J］.Data Mining & Knowledge Discovery，2015，29(3):626-688.
[7]Minot M，Ndiaye S N，Solnon C.A comparison of decomposition methods for the maximum common subgraph problem［C］//2015 IEEE 27th International Conference on Tools with Artificial Intelligence (ICTAI).Salerno:IEEE，2015:461-468.
[8]Riesen K.Structural pattern recognition with graph edit distance［M］.Berlin:Springer-Verlag，2016:29-44.
[9]Koutra D，Vogelstein J T，Faloutsos C.Deltacon:a principled massive-graph similarity function［J］.ACM Transactions on Knowledge Discovery from Data，2013，10(3):1-43.
[10]Albert R，Jeong H，Barabasi A L.Error and attack tolerance of complex networks［J］.Nature，2000，406(6794):378-382.
[11]Tan F，Xia Y，Zhang W，et al.Cascading failures of loads in interconnected networks under intentional attack［J］.EPL (Europhysics Letters)，2013，102(2):28009.
[12]Wang J，Zhao H，Xu J，et al.Using intuitionistic fuzzy set for anomaly detection of network traffic from flow interaction［J］.IEEE Access，2018，6:64801-64816.
[13]Xiao S，Xiao G，Cheng T H.Tolerance of intentional attacks in complex communication networks［J］.IEEE Communications Magazine，2008，46(1):146-152.
[14]Wang J F，Liu X，Zhao H，et al.Anomaly detection of complex networks based on intuitionistic fuzzy set ensemble［J］.Chinese Physics Letters，2018，35(5):156-160.
[15]Leskovec J，Kleinberg J，Faloutsos C.Graph evolution:densification and shrinking diameters［J］.ACM Transactions on Knowledge Discovery from Data，2007，1(1):2-43.
[15]关守平，房少纯.一种新型的区间-粒子群优化算法［J］.东北大学学报(自然科学版)，2012，33(10):1381-1384.(Guan Shou-ping，Fang Shao-chun.A new interval particle swarm optimization algorithm［J］.Journal of Northeastern University(Natural Science)，2012，33(10):1381-1384.)

面向蓄意攻击的网络异常检测方法

Network Anomaly Detection Method for Intentional Attack

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

本文评价

[1]	刘晓，赵海，冯颖，何璇. 林木虫害大数据的网络科学分析方法[J]. 东北大学学报:自然科学版, 2016, 37(9): 1254-1258.
[2]	赵海，刘怡文，艾均，王进法. Internet动态节点特性的层级相关性研究[J]. 东北大学学报:自然科学版, 2014, 35(2): 195-198.