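Abstract
This paper explains in detail the meaning of information, information content, and information entropy, and, taking the characteristics of anomalous network traffic into account, uses information entropy to reflect the state of network traffic. It describes the characteristics of anomalous traffic and the main detection techniques currently in use, then introduces network anomalous-traffic detection based on information entropy, and finally, through a derivation of the mathematical formulas, analyzes the principle of using information entropy calculations for distributed intrusion detection.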
Source
Guangdong Communication Technology (《广东通信技术》)
2008, Issue 4, pp. 32-34, 46 (4 pages in total)