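Affiliations: [1] School of Electronic and Information Engineering, Dalian University of Technology [2] The 54th Research Institute of China Electronics Technology Group Corporation, Shijiazhuang 050081
Source: Computer Science (《计算机科学》), 2008, No. 7, pp. 25-28, 4 pages
Funding: Supported by the National "863" Program (Grant No. 2005AA123910)
Abstract: To address two shortcomings of the CUSUM control chart, a fixed detection threshold and a sluggish response to the end of an anomaly, an adaptive nonparametric CUSUM control chart algorithm is proposed. The algorithm first uses a fixed threshold to remove outliers, which also simplifies the detection of obvious anomalies. It then smooths the non-outlier data with a simple moving average and transforms the smoothed data based on the Chebyshev inequality so that they satisfy the conditions for applying the nonparametric CUSUM algorithm. Finally, the algorithm adaptively sets the CUSUM detection threshold according to the transformed data and, after raising an anomaly alarm, monitors for the end of the anomaly. In simulated detection experiments against SYN flooding attacks, the algorithm accurately detected attacks whose traffic was as low as 20% of normal service traffic, with a detection delay of no more than 7 sampling periods and no missed alarms while the attack lasted.
English abstract: Fixed thresholds and slow response to end of the anomalies are two shortcomings of the traditional CUSUM control chart. Three measures are taken in this paper to solve both problems. Firstly, a fixed threshold was set to eliminate outliers and simplify the detection of obvious anomalies. Secondly, the filtered data were smoothed and transformed based on the simple moving average method and the Chebyshev inequality. Lastly, an adaptive threshold was set according to the transformed results, and the decision-making process would continue monitoring the anomaly for its possible end after an alarm was raised. Simulations of source end defense against SYN flooding attacks on a real traffic trace show that attack traffic which is as low as 20% of the averaged normal traffic can be accurately detected within no more than 7 sampling periods and no miss of alarms during the attacks.
Classification: TP273.2 [Automation and Computer Technology: Detection Technology and Automatic Equipment] O212.1 [Automation and Computer Technology: Control Science and Engineering]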