基于小波的网络流量异常协同相变检测

doi:10.3724/SP.J.1087.2012.02271

计算机应用 ›› 2012, Vol. 32 ›› Issue (08): 2171-2174.DOI: 10.3724/SP.J.1087.2012.02271

基于小波的网络流量异常协同相变检测

熊伟

中南民族大学计算与实验中心，武汉 430074

收稿日期:2012-01-05 修回日期:2012-03-07 发布日期:2012-08-28 出版日期:2012-08-01
通讯作者: 熊伟
作者简介:熊伟(1977-),男,湖北武汉人，讲师，博士，主要研究方向：网络安全、数字图像处理。
基金资助:
中南民族大学中央高校基本科研业务费专项资金资助项目(CZQ12010)

Synergetic phase transition detection method for network traffic anomolies based on wavelet

XIONG Wei

Center of Computing and Experimenting, South Central University for Nationalities, Wuhan Hubei 430074, China

Received:2012-01-05 Revised:2012-03-07 Online:2012-08-28 Published:2012-08-01
Contact: XIONG Wei

摘要/Abstract

摘要： 针对网络流量表现出的非线性和非平稳性等复杂的动力学特征，提出一种基于小波的网络流量异常协同相变检测方法。该方法从网络流量时间序列的离散小波域出发，利用序参量的非线性动力学方程描述网络流量系统的复杂行为，采用势函数来刻画网络流量系统的非平稳相变过程，进一步分析了网络流量状态与各种攻击模式之间的变化关系，并通过协同学模型对网络流量序参量进行演化，当相应序参量收敛时，即可检测到相应的攻击模式或是正常流量模式。最后，采用了DARPA 1999数据集进行了实验测试，网络流量异常的平均检测率达到了90.00%，而平均误检率只有15.03%。实验结果表明，基于小波的协同相变方法可以用于网络流量异常检测。

关键词: 异常检测, 网络流量, 协同学, 小波, 序参量

Abstract: According to the nonlinear and non-stationary dynamic characteristics of the network traffic, the technique based on synergetic phase transition theory was proposed for detecting network traffic anomalies. By using the nonlinear dynamic equation of the order parameter, the paper described the complex behaviors of the network traffic system in discrete wavelet domain of the network traffic time series and the potential function was used to characterize non-stationary phase transition process of the network traffic system. The relationship between network traffic status and the various attack patterns was analyzed, and the synergetic model was used to calculate the network traffic order parameter. When the corresponding order parameter converged, the corresponding attack pattern or the normal traffic pattern could be detected. Finally, the DARPA 1999 data set was used to evaluate the proposed method. The average detection rate is 90.00% and the average false alarm rate is 15.03%. The experimental results show that the proposed method is effective for the network traffic anomaly detection.

Key words: anomaly detection, network traffic, synergetics, wavelet, order parameter

中图分类号:

TP393.08

熊伟. 基于小波的网络流量异常协同相变检测[J]. 计算机应用, 2012, 32(08): 2171-2174.

XIONG Wei. Synergetic phase transition detection method for network traffic anomolies based on wavelet[J]. Journal of Computer Applications, 2012, 32(08): 2171-2174.

参考文献

[1]ADAS A. Traffic models in broadband networks [J].IEEE Communications Magazine, 1997,35(7): 82-89. [2]SANG A, LI S-Q. A predictability analysis of network traffic [J].Computer Networks,2002,39(4): 329-345. [3]ZHANG Y, LEE W. Intrusion detection in wireless Ad-Hoc networks [C]// MobiCom '00: Proceedings of the 6th Annual International Conference on Mobile Computing and Networking. New York: ACM, 2000: 275-283. [4]BARFORD P, KLINE J, PLONKA D, et al. A signal analysis of network traffic anomalies [C]// IMW '02: Proceedings of the ACM SIGCOMM Workshop on Internet Measurement. New York: ACM, 2002: 71-82. [5]QIAO Y, XIN X W, BIN Y, et al. Anomaly intrusion detection method based on HMM [J].Electronics Letters,2002,38(13): 663-664. [6]PASCHALIDIS I C, SMARAGDAKIS G. Spatio-temporal network anomaly detection by assessing deviations of empirical measures [J].IEEE/ACM Transactions on Networking, 2009,17(3): 685-697. [7]刘运,蔡志平,钟平,等.基于条件随机场的DDoS 攻击检测方法[J].软件学报, 2011,22(8): 1897-1910. [8]任勋益,王汝传,王海艳.基于自相似检测DDoS攻击的小波分析方法[J].通信学报, 2006,27(5): 6-11. [9]袁坚, 任勇, 刘锋,等.复杂计算机网络中的相变和整体关联行为[J].物理学报, 2001,50(7): 1220-1225. [10]LU JINJUN, WANG ZHIQUAN. Internet traffic data flow forecast by RFB neural network based on phase space reconstruction [J].Transactions of Nanjing University of Aeronautics and Astronautics, 2006,23(4): 316-322. [11]DAUBECHIES I. Ten lectures on wavelets [M]. Philadelphia: Society for Industrial and Applied Mathematics,2006. [12]HAKEN H. Synergetic computers and cognition: a top-down approach to neural nets [M]. Berlin: Springer-Verlag,2004. [13]YANG YUE, HU HAN-PING, XIONG WEI, et al. Network traffic anomaly detection method based on a feature of catastrophe theory [J].Chinese Physics Letters, 2010,27(6): 060501-0605014. [14]熊伟,胡汉平,王祖喜,等.基于突变级数的网络流量异常检测[J].华中科技大学学报:自然科学版,2011,39(1): 28-31.

[1]	石雪松, 李宪华, 孙青, 宋韬. 基于人工蜂群与模糊C均值的自适应小波变换的噪声图像分割[J]. 计算机应用, 2021, 41(8): 2312-2317.
[2]	孟凡, 陈广, 王勇, 高阳, 高德群, 贾文龙. 基于多粒度时序结构表示的异常检测算法在储层含油性检测中应用[J]. 计算机应用, 2021, 41(8): 2453-2459.
[3]	胡天杰, 胡文军, 王士同. 分布熵惩罚的支持向量数据描述[J]. 计算机应用, 2021, 41(8): 2212-2218.
[4]	李衍志, 范勇, 高琳. 基于形态流的石油钻井水流异常检测[J]. 计算机应用, 2021, 41(6): 1842-1848.
[5]	姚杰, 程春玲, 韩静, 刘峥. 云工作流中基于多任务时序卷积网络的异常检测方法[J]. 计算机应用, 2021, 41(6): 1701-1708.
[6]	闫钧华, 侯平, 张寅, 吕向阳, 马越, 王高飞. 基于双通道卷积神经网络的图像单失真类型判定方法[J]. 计算机应用, 2021, 41(6): 1761-1766.
[7]	谢雨, 蒋瑜, 龙超奇. 基于随机子空间的扩展隔离林算法[J]. 计算机应用, 2021, 41(6): 1679-1685.
[8]	龙超奇, 蒋瑜, 谢雨. 基于峰值网格改进的小波聚类算法[J]. 计算机应用, 2021, 41(4): 1122-1127.
[9]	効琦, 尹增山, 高爽. 基于检测与跟踪相互迭代的极暗弱目标搜索算法[J]. 计算机应用, 2021, 41(10): 3017-3024.
[10]	张晨曦, 唐曙, 唐珂. 迁移学习下的火箭发动机参数异常检测策略[J]. 计算机应用, 2020, 40(9): 2774-2780.
[11]	刘望华, 刘光帅, 陈晓文, 李旭瑞. 结合微分特征和Haar小波分解的鲁棒纹理表达[J]. 计算机应用, 2020, 40(9): 2728-2736.
[12]	王磊. 改进粗糙集属性约简结合K-means聚类的网络入侵检测方法[J]. 计算机应用, 2020, 40(7): 1996-2002.
[13]	胡珉, 白雪, 徐伟, 吴秉键. 多维时间序列异常检测算法综述[J]. 计算机应用, 2020, 40(6): 1553-1564.
[14]	仇媛, 常相茂, 仇倩, 彭程, 苏善婷. 基于长短期记忆网络和滑动窗口的流数据异常检测方法[J]. 计算机应用, 2020, 40(5): 1335-1339.
[15]	霍纬纲, 王慧芳. 基于自编码器和隐马尔可夫模型的时间序列异常检测方法[J]. 计算机应用, 2020, 40(5): 1329-1334.

基于小波的网络流量异常协同相变检测

Synergetic phase transition detection method for network traffic anomolies based on wavelet

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics