Journal of Xi'an Jiaotong University (西安交通大学学报)
2009, Issue 12, pp. 1-5 (5 pages)
Keywords: network traffic; recursive least square; denial of service attack; anomaly detection
Abstract: A network traffic anomaly detection method based on adaptive filtering is proposed to address the various common attacks found in networks. Multiple network traffic indicators are first predicted by recursive least squares; anomalies are then detected using the allowable range of a statistic constructed from the prediction errors; finally, the detection results are normalized for evaluation. The method needs no historical training data, greatly reduces the number of alarms, and highlights the severity of alarms. Experiments on the DARPA intrusion detection evaluation data sets show that the proposed method is better suited to detecting anomalies caused by denial of service attacks, and that it performs better in anomaly detection rate, false alarm rate and detection speed than similar existing methods with weight vectors of the same dimension.