基于流时间影响域的网络流量异常检测

doi:10.12068/j.issn.1005-3026.2019.01.006

东北大学学报:自然科学版 ›› 2019, Vol. 40 ›› Issue (1): 26-31.DOI: 10.12068/j.issn.1005-3026.2019.01.006

基于流时间影响域的网络流量异常检测

徐久强，周洋洋，王进法，赵海

(东北大学计算机科学与工程学院，辽宁沈阳110169)

收稿日期:2017-10-18 修回日期:2017-10-18 出版日期:2019-01-15 发布日期:2019-01-28
通讯作者: 徐久强
作者简介:徐久强(1966-)，男，辽宁北镇人，东北大学教授; 赵海(1959-)，男，辽宁沈阳人，东北大学教授，博士生导师.
基金资助:
中央高校基本科研业务费重大科技创新项目(N161608001).

Anomaly Detection of Network Traffic Based on Flow Time Influence Domain

XU Jiu-qiang， ZHOU Yang-yang， WANG Jin-fa， ZHAO Hai

School of Computer Science & Engineering， Northeastern University， Shenyang 110169， China.

Received:2017-10-18 Revised:2017-10-18 Online:2019-01-15 Published:2019-01-28
Contact: WANG Jin-fa
About author:-
Supported by:
-

摘要/Abstract

摘要： 针对如何提高网络流量异常行为检测准确率的问题，提出基于网络流时间影响域(TID)的网络流量检测模型.通过分析正常和异常情况下流量网络模型平均度的变化，构建了基于复杂网络平均度指标的网络流量异常检测算法.实验结果表明，基于网络流时间影响域的流量网络模型能合理地描述网络流量间的依赖关系，具有良好的检测性能，同时该网络模型仅需时间戳、源IP、目的IP三维网络特征即可实现，检测方法适用于绝大多数网络类型，检测效率优于其他网络流量异常检测方法，具有较高的普适性.

关键词: 网络流量, 异常检测, 流时间影响域, 流量网络模型, 网络平均度

Abstract: Aiming at improving the accuracy rate of anomaly network traffic detection， a network traffic detection model was proposed based on the time influence domain(TID)of network flow. By analyzing the changes of average degree of traffic network model under the normal and abnormal conditions， an anomaly detection algorithm of network traffic based on the average degree metric of complex network was developed to detect the abnormal traffic. Experimental results show that based on the flow time influence domain， the anomaly detection model of traffic network can reasonably describe the inter-dependency relationship between network traffic. The proposed method has a better detection performance， meanwhile only three network features， i.e. timestamp， source IP and destination IP， are needed to implement the above model. Detection efficiency is better than other methods. The method proposed meets most network types and has a better ubiquity.

Key words: network traffic, anomaly detection, flow time influence domain, traffic network model, network average degree

中图分类号:

TP393

徐久强，周洋洋，王进法，赵海. 基于流时间影响域的网络流量异常检测[J]. 东北大学学报:自然科学版, 2019, 40(1): 26-31.

XU Jiu-qiang， ZHOU Yang-yang， WANG Jin-fa， ZHAO Hai. Anomaly Detection of Network Traffic Based on Flow Time Influence Domain[J]. Journal of Northeastern University Natural Science, 2019, 40(1): 26-31.

参考文献

[1]程艳云，张守超，杨杨.基于大数据的时间序列异常点检测研究［J］.计算机技术与发展，2016，26(5):139-144.(Cheng Yan-yun，Zhang Shou-chao，Yang Yang.Research on time series outlier detection based on big data.［J］.Computer Technology and Development，2016，26(5):139-144.)
[2]赵海，张娅，何璇，等.基于时空影响域的地震网络动力学演化特征分析［J］.东北大学学报(自然科学版)，2015，36(9):1232-1236.(Zhao Hai，Zhang Ya，He Xuan，et al.Dynamic evolution analysis of earthquake network based on the time-space influence domain［J］.Journal of Northeastern University(Natural Science)，2015，36(9):1232-1236.)
[3]贺涛.基于网络数据流依赖关系的拟阵构造［D］.上海:复旦大学，2009.(He Tao.Matroid contruction based on data streams dependent relationship in network［D］.Shanghai:Fudan University，2009.)
[4]程光，龚俭，丁伟.基于抽样测量的高速网络实时异常检测模型［J］.软件学报，2003，14(3):594-599.(Cheng Guang，Gong Jian，Ding Wei.A real-time anomaly detection model based on sampling measurement in a high-speed network［J］.Journal of Software，2003，14(3):594-599.)
[5]Grill M，Stiborek J，Zunino A.An empirical comparison of botnet detection methods［J］.Computers & Security，2014，45:100-123.
[6]Akoglu L，Tong H，Koutra D.Graph based anomaly detection and description:a survey［J］.Data Mining & Knowledge Discovery，2014，29(3):626-688.
[7]Oz L E，Eilertson E，Lazarevic A，et al.MINDS-minnesota intrusion detection system［J］.Cd Technology，2007，31(5):151-153.
[8]Ahmed M，Mahmood A N，Hu J.A survey of network anomaly detection techniques［J］.Journal of Network & Computer Applications，2016，60:19-31.
[9]Sridharan N A，Ye T，Bhattacharyya N S.Connectionless port scan detection on the backbone［C］// IEEE International Performance Computing and Communications Conference.Phoenix，2006:567-576.
[10]Tavallaee M，Stakhanova N，Ghorbani A A.Toward credible evaluation of anomaly-based intrusion-detection methods［J］.IEEE Transactions on Systems Man & Cybernetics:Part C，2010，40(5):516-524.
[11]Xu K，Zhang Z L，Bhattacharyya S.Profiling internet backbone traffic:behavior models and applications［J］.ACM SIGCOMM Computer Communication Review，2005，35(4):169-180.
[12]Barbara D，Wu N，Jajodia S.Detecting novel network intrusions using bayes［C］// Siam Conference on Data Mining.Philadelphia，2001:308-317.
[13]Sengar H，Wang X，Wang H，et al.Online detection of network traffic anomalies using behavioral distance［C］// International Workshop on Quality of Service.Charleston:IEEE，2009:1-9.
[14]Hua L，Joe H.Strength of tail dependence based on conditional tail expectation［J］.Journal of Multivariate Analysis， 2014，123(1):143-159.(上接第5页)
[13]Hesse W，Moller E，Arnold M，et al.The use of time-variant EEG Granger causality for inspecting directed interdependencies of neural assemblies ［J］.Journal of Neuroscience Methods，2003，124(1):27-44.
[14]Afshari S，Jalili M.Directed functional networks in alzheimer’s disease:disruption of Glabal and local connectivity measuers ［J］.IEEE Journal of Biomedical and Health Informatics，2016，21(4):949-955.
[15]Rubinov M，Sporns O.Complex network measures of brain connectivity:uses and interpretations ［J］.NeuroImage，2009，52(3):1059-1069.
[16]Huang D，Ren A，Shang J，et al.Combining partial directed coherence and graph theory to analyse effective brain networks of different mental tasks ［J］. Frontiers in Human Neuroscience，2016，10(5):1-11.
[17]黄璐，王宏.基于约束独立分量分析的脑电特征提取［J］.东北大学学报(自然科学版)，2014，35(3):419-423.(Huang Lu，Wang Hong.EEG feature extraction based on constrained ICA［J］.Journal of Northeastern University(Natural Science)，2014，35(3):419-423.)

基于流时间影响域的网络流量异常检测

Anomaly Detection of Network Traffic Based on Flow Time Influence Domain

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 6

编辑推荐

Metrics

本文评价

[1]	赵海，郑春阳，王进法，司帅宗. 面向蓄意攻击的网络异常检测方法[J]. 东北大学学报:自然科学版, 2020, 41(10): 1376-1381.
[2]	韩莹，井元伟，金建宇，李琨. 基于改进黑洞算法优化ESN的网络流量短期预测[J]. 东北大学学报:自然科学版, 2018, 39(3): 311-315.
[3]	李晶皎;许哲万;王爱侠;郭先日;. 基于移动模糊推理的DoS攻击检测方法[J]. 东北大学学报(自然科学版), 2012, 33(10): 1394-1398.
[4]	魏永涛;汪晋宽;王翠荣;张琨;. 基于小波变换与组合模型的网络流量预测算法[J]. 东北大学学报(自然科学版), 2011, 32(10): 1382-1385+1389.
[5]	沙毅;张婷;陈进;王光兴;. 基于流量的Ad Hoc网络负载均衡路由协议[J]. 东北大学学报(自然科学版), 2010, 31(3): 350-353.
[6]	李信满;赵宏;马士军. 基于防火墙的网络入侵检测系统[J]. 东北大学学报(自然科学版), 2001, 22(5): 489-492.