%0 Journal Article
%T Anomalies detection method of IP forwarding based on behavior model<br>基于行为模型的IP Forwarding异常检测方法
%A GUO Lin
%A ZHANG Da-fang
%A LI Wen-wei
%A XIE Kun
%A <br>郭琳
%A 张大方
%A 黎文伟
%A 谢鲲
%J 计算机应用
%D 2006
%I 
%X A simple, robust method was proposed that integrated routing and traffic data streams to reliably detect forwarding anomalies. High resolution measurements and on-line analysis of network traffic and routing were used to provide real-time alarms in the incipient phase of network anomalies. The anomalies identification method based on behavior model used path changes, flow shift and packet delay variance and relied extensively on IP packet header information, such as TTL, source/destination address, packet length, and router's timestamps. The overall method is scalable, automatic and self-training, and effectively identifies forwarding anomalies, while avoiding the high false alarms rate.
%K behavior model
%K IP forwarding anomalies
%K time to live(TTL)
%K traffic
%K route
%K packet delay variance<br>行为模型
%K IP
%K forwarding异常
%K 生存时间(TTL)
%K 流
%K 路由
%K 报文延迟
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=831E194C147C78FAAFCC50BC7ADD1732&aid=6AE2BD13B86F9804&yid=37904DC365DD7266&vid=96C778EE049EE47D&iid=38B194292C032A66&sid=2497388423811B81&eid=620B8D0F1110B714&journal_id=1001-9081&journal_name=计算机应用&referenced_num=0&reference_num=6