Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (9): 2519-2521. DOI: 10.11772/j.issn.1001-9081.2015.09.2519

• Information Security •

Anomaly detection model based on danger theory of distributed service

LI Jinmin, LI Tao, XU Kai

  1. College of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan Hubei 430065, China
  • Received: 2015-04-23 Revised: 2015-06-28 Online: 2015-09-10 Published: 2015-09-17
  • Corresponding author: LI Tao (born 1979), male, from Wuhan, Hubei; associate professor, Ph.D.; main research interests: information security, artificial immunity, service computing; 705398096@qq.com
  • About the authors: LI Jinmin (born 1990), male, from Chengdu, Sichuan; master's student; main research interests: information security, cloud services. XU Kai (born 1989), male, from Xiaogan, Hubei; master's student; main research interests: information security, cloud computing.
  • Supported by:
    National Natural Science Foundation of China (61273225); Key Humanities and Social Sciences Fund of the Education Department of Hubei Province (2012D111).

Abstract: In a distributed environment, the massive behavior data produced by a large number of services makes service anomaly detection inefficient, and the dynamic composition of services makes the services uncertain. To address these two problems, a distributed service anomaly detection model based on danger theory was proposed. First, drawing on the biological process by which artificial immunity recognizes anomalies, differentiation was used to describe the variation of massive service behavior data, and a characteristic triad was constructed to detect the source of an anomaly. Then, following the idea of the cloud model, the uncertainty of services was resolved by constructing the status cloud of the services and computing the degree of membership between services, from which the danger zone was calculated. Finally, experiments were carried out by simulating student login and course-selection services. The experimental results show that the model not only detects service anomalies dynamically but also describes the dependencies between services accurately, improving the efficiency of anomaly detection. The experimental results verify the feasibility and correctness of the model.

Key words: danger theory, cloud model, numerical differentiation, service provenance log, artificial immunity

CLC number: