Abstract
Methods for analyzing the self-similarity of network traffic include the aggregated variance method, R/S analysis, the periodogram method and the Whittle method. Network traffic anomaly detection based on self-similarity analysis adopts a model of normal traffic and analyzes the traffic's self-similarity parameter, the Hurst parameter, together with its time-varying function H(t). Network traffic is amplitude-limited in real time and summarized statistically using a database; whether the traffic is abnormal is judged by detecting changes in its self-similarity. Distributed denial-of-service (DDoS) attack experiments show that this method considerably improves on traditional signature-matching network traffic anomaly detection in both recognition accuracy and real-time performance.
Source
Ordnance Industry Automation (《兵工自动化》)
2003, Issue 6, pp. 28-31 (4 pages)
Keywords
Intrusion detection
Network traffic
Self-similarity analysis
Distributed denial-of-service attack