
Network Traffic Anomaly Classification Algorithm Based on Hierarchical Clustering

Cited by: 2
Abstract: Most existing techniques for root cause analysis of anomalous traffic require manual intervention, and their classification of anomaly events is unsatisfactory. This paper therefore proposes a traffic anomaly classification algorithm based on hierarchical clustering, named TAC-HC (Traffic Anomaly Classification based on Hierarchical Clustering). It uses a training process over feature attributes to build a classification tree step by step, embedding similar anomalies in the same subtree, and it classifies new anomalies without knowing the number of clusters in the data set. Simulation results show that the average classification accuracy of the TAC-HC algorithm reaches 89%, and that its classification precision for low-traffic-volume anomaly events such as network scans reaches 95.3%.
Authors: 许倩 (Xu Qian), 程东年 (Cheng Dongnian)
Source: Computer Engineering (《计算机工程》), indexed in CAS and CSCD, 2012, No. 23, pp. 131-136 (6 pages)
Funding: National "863" Program (2009AA01A346); National Science and Technology Support Program (2011BAH19B01)
Keywords: traffic feature; attribute vector; network anomaly event; hierarchical clustering; anomaly classification algorithm
