%0 Journal Article
%T Anomaly Detection Based on Traffic Information Structure
%A ZHU Ying-Wu (朱应武)
%A YANG Jia-Hai (杨家海)
%A ZHANG Jin-Xiang (张金祥)
%J 软件学报 (Journal of Software)
%D 2010
%I
%X Because the nature of network traffic is not fully understood, traffic anomaly detection in large-scale, high-speed networks remains a difficult problem to solve. Analysis of the network traffic structure and the traffic information structure shows that, within a certain range, the IP address and port distributions exhibit heavy-tailed and self-similar characteristics. Normal network traffic has a relatively stable structure, and this structure corresponds to a relatively stable value of information entropy. The information entropy of abnormal traffic and of sampled traffic fluctuates around that of normal traffic, forming a spatial information structure whose dimensions are IP, port, and number of active IPs. Based on this finding, the paper proposes a novel traffic classification algorithm, based on the support vector machine (SVM) method, that transforms the traffic anomaly detection problem into an SVM-based classification decision problem. The experimental results not only evaluate its accuracy and efficiency, but also show its ability to detect anomalies in sampled traffic, which is very important for traffic data reduction and efficient anomaly detection in high-speed networks.
%K anomaly detection
%K network traffic structure
%K traffic information structure
%K anomalous traffic
%K sampling
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=7735F413D429542E610B3D6AC0D5EC59&aid=D9C125368C715A75F1439E4ABBC5C0AC&yid=140ECF96957D60B2&vid=659D3B06EBF534A7&iid=F3090AE9B60B7ED1&sid=169C7F379A8FAC69&eid=ADBCBDA20126732E&journal_id=1000-9825&journal_name=软件学报&referenced_num=0&reference_num=13