JOURNAL OF SHANDONG UNIVERSITY (NATURAL SCIENCE), 2017, Vol. 52, Issue (3): 68-73. doi: 10.6040/j.issn.1671-9352.1.2016.030

A time-relevant network traffic anomaly detection approach

ZHUANG Zheng-mao1, CHEN Xing-shu2*, SHAO Guo-lin1, YE Xiao-ming1   

  1. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan, China;
  2. CyberSecurity Research Institute, Sichuan University, Chengdu 610065, Sichuan, China
  • Received: 2016-08-16 Online: 2017-03-20 Published: 2017-03-20

Abstract: Exploiting the dynamic correlation between server behavior characteristics and time, this paper combines a clustering method based on distribution ratio with clustering and density deviation to construct a time-relevant server traffic anomaly detection model. Long-term observation and study of campus network server traffic shows that server traffic characteristics are dynamically correlated with time. On this basis, the paper extracts the features of server traffic at the current moment, combines them with the features dynamically associated with that moment in time, and uses the K-means clustering algorithm to detect outliers among the traffic features and so find abnormal server traffic. Experimental results show that the model can effectively detect abnormal server traffic even in a real-world environment. The longer the model is applied, the more adaptable the algorithm becomes.

Key words: network traffic, time-relevant, anomaly detection

CLC Number: TP393
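An added illustration of the idea in the abstract, not code from the paper: K-means outlier detection over server traffic, run once on the current volume alone and once with a time-associated feature attached. The traffic data, the choice of "median volume at the same hour of day" as the time-associated feature, and the mean + 3σ distance cut-off are all assumptions made for this sketch; it does not reproduce the paper's distribution-ratio or density-deviation scoring.

```python
import math, random, statistics

def make_traffic(days=14, seed=7):
    """Constructed hourly volumes (MB) for one server: busy 08-19h, quiet otherwise."""
    rng = random.Random(seed)
    rows = [(d, h, (100 if 8 <= h < 20 else 10) + rng.uniform(-3, 3))  # bounded jitter
            for d in range(days) for h in range(24)]
    # Constructed anomaly: a daytime-sized volume at 03:00 on the last day.
    rows[(days - 1) * 24 + 3] = (days - 1, 3, 100.0)
    return rows

def kmeans(points, k=2, iters=20):
    """Plain Lloyd's K-means with farthest-first initialisation (deterministic)."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        cents = [tuple(map(statistics.fmean, zip(*g))) if g else c
                 for g, c in zip(groups, cents)]
    return cents

def detect(rows, time_aware):
    """Return the (day, hour) slots whose feature vector is a K-means outlier."""
    by_hour = {}
    for _, h, v in rows:
        by_hour.setdefault(h, []).append(v)
    # Time-associated feature (assumption): median volume seen at the same hour of day.
    baseline = {h: statistics.median(vs) for h, vs in by_hour.items()}
    feats = [(v, baseline[h]) if time_aware else (v,) for _, h, v in rows]
    cents = kmeans(feats)
    dist = [min(math.dist(f, c) for c in cents) for f in feats]
    cut = statistics.fmean(dist) + 3 * statistics.pstdev(dist)
    return [(d, h) for (d, h, _), s in zip(rows, dist) if s > cut]

if __name__ == "__main__":
    rows = make_traffic()
    print("volume only :", detect(rows, time_aware=False))
    print("time-aware  :", detect(rows, time_aware=True))
```

On volume alone the 03:00 burst falls inside the daytime cluster and is missed; once the time-associated feature is attached it sits far from both centroids and is the only slot flagged.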