东北大学学报:自然科学版 ›› 2020, Vol. 41 ›› Issue (10): 1376-1381.DOI: 10.12068/j.issn.1005-3026.2020.10.002

• 信息与控制 • 上一篇    下一篇

面向蓄意攻击的网络异常检测方法

赵海1, 郑春阳1,2, 王进法2, 司帅宗2   

  1. (1. 东北大学 计算机科学与工程学院, 辽宁 沈阳110169; 2. 中国科学院 信息工程研究所/物联网安全北京市重点实验室, 北京100093)
  • 收稿日期:2019-07-18 修回日期:2019-07-18 出版日期:2020-10-15 发布日期:2020-10-20
  • 通讯作者: 赵海
  • 作者简介:赵海(1959-),男,辽宁沈阳人,东北大学教授,博士生导师.
  • 基金资助:
    中央高校基本科研业务费专项资金资助项目(2020GFZD014).

Network Anomaly Detection Method for Intentional Attack

ZHAO Hai1, ZHENG Chun-yang1,2, WANG Jin-fa2, SI Shuai-zong2   

  1. 1. School of Computer Science & Engineering,Northeastern University,Shenyang 110169,China; 2. Beijing Key Laboratory of IoT Information Security Technology/Institute of Information Engineering, CAS, Beijing 100093, China.
  • Received:2019-07-18 Revised:2019-07-18 Online:2020-10-15 Published:2020-10-20
  • Contact: ZHENG Chun-yang
  • About author:-
  • Supported by:
    -

摘要: 针对复杂网络受蓄意攻击频繁,而现有的检测方法大多忽略全局拓扑突变特征的问题.从网络全局拓扑的异常演化特征出发,提出网络路径相对变化系数(network path change coefficient,NPCC)r,量化节点间传输路径的变化.由斐波那契数列衍生出斐波那契演化域,用于区分正常和异常演化.将r作为核心度量参量,构建斐波那契演化域,形成网络异常检测方法,实现对异常的判定.结果表明,该检测方法的平均准确率为90%以上,高于最大公共子图(maximum common subgraph,MCS)及图编辑距离(graph edit distance,GED)的准确率,证明了所提检测方法的有效性.

关键词: 网络异常检测, 斐波那契演化域, 路径变化系数, 蓄意攻击, 网络科学

Abstract: The anomaly triggered by intentional attack in complex networks is common but most existing detection methods ignore the global topology mutation feature. To solve this problem, based on the abnormal evolution characteristics of the global network topology, a network path change coefficient (r) was proposed to quantify the change of the transmission path between nodes. The Fibonacci evolution region was derived from the Fibonacci sequence to distinguish normal and abnormal evolution. r was used as the core measurement parameter to construct the Fibonacci evolution region, form a network anomaly detection method, and realize the determination of anomalies. The results showed that the average accuracy of the detection method is more than 90%, which is higher than the accuracies of MCS (maximum common subgraph) and GED (graph edit distance), which proves the effectiveness of the proposed detection method.

Key words: network anomaly detection, Fibonacci evolution region, path change coefficient (r), intentional attack, network science

中图分类号: