Authors: Du Zhen, Ma Lipeng, Sun Guozi (DU Zhen; MA Li-peng; SUN Guo-zi), School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
Affiliation: [1] School of Computer Science, Nanjing University of Posts and Telecommunications
Source: Computer Science (计算机科学), 2019, No. 8, pp. 178-182 (5 pages)
Abstract: High-quality feature extraction and anomaly detection over large volumes of network traffic data are an important foundation for network forensics. This paper focuses on the data-processing stage of network forensics, implements it, and builds a model library. A network traffic anomaly detection method based on wavelet analysis is studied and used to detect pcap files containing two different injection attacks. The work was carried out on Windows, with the functional code written in Python. First, the required training data are extracted from a large volume of data; then features are extracted from the training data using wavelet analysis; finally, a support vector machine is trained as the classifier, which can then identify the anomalies in mixed traffic containing both normal and abnormal traffic. Qualitative and quantitative experimental results show that the method achieves good classification results for both types of anomalous traffic, offering a way to improve network forensics from the two perspectives of feature extraction and classification analysis.
Keywords: network forensics; anomaly detection; feature extraction; wavelet analysis; classification analysis
Classification code: TP391 [Automation and computer technology: computer application technology]
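The pipeline the abstract describes (wavelet features per traffic window, then an SVM that separates normal from anomalous windows), as an added example that is not the paper's code. It assumes a packets-per-second series already binned from the pcap, and it substitutes a Haar wavelet and a primal linear SVM trained by SGD for the paper's unspecified wavelet family and SVM library; the traffic windows, feature set and burst model are constructed here.

```python
import math
import random

def haar_details(series):
    """Haar decomposition: detail coefficients per level, level 1 first; length must be 2^k."""
    assert (len(series) & (len(series) - 1)) == 0, "window length must be a power of two"
    approx, details = list(series), []
    while len(approx) > 1:
        pairs = [((a + b) / 2, (a - b) / 2) for a, b in zip(approx[0::2], approx[1::2])]
        approx, detail = (list(t) for t in zip(*pairs))   # next approximation, this level's details
        details.append(detail)
    return details

def wavelet_features(window):
    """Assumed feature set: share of detail energy at each level, plus log of total detail energy."""
    energies = [sum(c * c for c in lvl) for lvl in haar_details(window)]
    total = sum(energies) + 1e-9
    return [e / total for e in energies] + [math.log1p(total)]

def train_linear_svm(X, y, epochs=300, lr=0.01, lam=0.01):
    """Linear SVM in the primal, trained by SGD on hinge loss with L2 decay; labels are +1/-1."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for x, label in zip(X, y):
            w = [wi * (1 - lr * lam) for wi in w]                              # weight decay
            if label * (sum(wi * xi for wi, xi in zip(w, x)) + b) < 1:         # margin violated
                w = [wi + lr * label * xi for wi, xi in zip(w, x)]
                b += lr * label
    return w, b

def predict(model, features):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, features)) + b >= 0 else -1

def make_window(rng, injected, n=32):
    """Constructed packets-per-second series (~20 pps); an injection episode is a periodic burst."""
    rates = [20 + rng.randint(-3, 3) for _ in range(n)]
    if injected:
        for i in range(0, n, 4):
            rates[i] += rng.randint(40, 80)
    return rates

def demo(seed=7):
    """Train on 40 constructed windows, return accuracy on 20 fresh ones (+1 = anomalous)."""
    rng = random.Random(seed)
    def batch(k):
        return [(wavelet_features(make_window(rng, i % 2 == 0)), 1 if i % 2 == 0 else -1) for i in range(k)]
    train, test = batch(40), batch(20)
    model = train_linear_svm([x for x, _ in train], [y for _, y in train])
    return sum(predict(model, x) == y for x, y in test) / len(test)
```

On real captures the window series would come from binning packet timestamps out of the pcap, and the burst model would be replaced by labelled windows from the two injection-attack captures.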