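Authors: Zheng Liming (郑黎明)[1], Zou Peng (邹鹏)[2], Han Weihong (韩伟红)[1], Li Aiping (李爱平)[1], Jia Yan (贾焰)[1]
Affiliations: [1] School of Computer, National University of Defense Technology, Changsha, Hunan 410073; [2] Academy of Equipment Command and Technology, Beijing 100029
Source: Journal on Communications (《通信学报》), 2011, No. 12, pp. 151-160 (10 pages)
Funding: National High Technology Research and Development Program of China ("863" Program), grant 2011AA010702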
Abstract: To meet the special requirements of anomaly detection in backbone networks, an anomaly detection method based on the Filter-ary-Sketch summary data structure is proposed. The method records network traffic information in the Filter-ary-Sketch online and, at the end of every cycle, performs anomaly detection based on multi-dimensional entropy. If an anomaly is detected, the anomaly point is located from the traffic information recorded in the Filter-ary-Sketch. Finally, malicious traffic is blocked using the source IP information recorded in the Bloom filter. The method can detect a variety of network attacks and can effectively block malicious traffic. Comparative experiments on real backbone network traffic, covering both efficiency and accuracy, gave good results: the method detects anomalies in the backbone network with small computing and memory resources and blocks the IP flows responsible for the anomaly.
Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]