
A Multivariate Online Anomaly Detection Algorithm Based on SVD Updating (cited by: 3)
Abstract: Network anomaly detection is critical to keeping a network running stably and efficiently. Although the PCA-based network-wide anomaly detection algorithm has good detection performance, it cannot meet the requirements of online detection. To solve this problem, the paper introduces the traffic matrix model and proposes MOADA-SVDU, a Multivariate Online Anomaly Detection Algorithm based on Singular Value Decomposition Updating. The algorithm constructs the normal subspace and the abnormal subspace incrementally and detects network traffic anomalies online. Theoretical analysis shows that MOADA-SVDU has lower storage and computing overhead than PCA. Analysis of traffic matrix datasets measured on the Internet and of simulation experiments shows that MOADA-SVDU not only achieves online detection of network anomalies but also has very good detection performance.
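Authors: 钱叶魁 (Qian Yekui), 陈鸣 (Chen Ming)
Source: Journal of Electronics & Information Technology (《电子与信息学报》), 2010, No. 10, pp. 2404-2409 (6 pages). Indexed in: EI, CSCD, 北大核心 (Peking University Core Journals).
Funding: Supported by the Major Research Plan of the National Natural Science Foundation of China (90304016), the National 863 Program (2007AA01Z418), and the Natural Science Foundation of Jiangsu Province (BK2009058).
Keywords: Network anomaly detection; Online algorithm; Singular Value Decomposition (SVD); Multivariate analysis; Incremental learning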