%0 Journal Article
%T A Real-Time Anomaly Detection Model Based on Sampling Measurement in a High-Speed Network
%A CHENG Guang
%A GONG Jian
%A DING Wei
%A 程光
%A 龚俭
%A 丁伟
%J 软件学报
%D 2003
%I
%X Real-time anomaly detection has been a prominent topic in network security research in recent years. Based on the statistical characteristics of traffic in a large-scale network, this paper identifies stable metrics that can estimate network behavior and presents a sampling measurement model. Using the central limit theorem and hypothesis testing, a real-time detection model for anomalous network traffic behavior is built. Finally, a network behavior metric is defined as the ratio between ICMP request packets and reply packets, and ICMP scan attacks in the CERNET network are monitored in real time. The method and ideas of this model offer guidance for other network security detection research.
%K sampling measurement
%K metric
%K anomaly detection
%K smoothing window
%K high-speed network
%K sliding window
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=7735F413D429542E610B3D6AC0D5EC59&aid=37D163564A53E689&yid=D43C4A19B2EE3C0A&vid=F3583C8E78166B9E&iid=38B194292C032A66&sid=65FC738C50B41E43&eid=4158386E7B9422C8&journal_id=1000-9825&journal_name=软件学报&referenced_num=24&reference_num=9