基于多模态数据流的网络信息局部异常点检测方法研究  被引量：5

作　　者：陈海涛[1] Chen Haitao(Information Center of China Food and Drug Verification Research institute,Beijing102629,China)

机构地区：[1]中国食品药品检定研究院信息中心,北京102629

出　　处：《电子测量技术》2020年第14期96-102,共7页Electronic Measurement Technology

摘　　要：由于原料性质、设备磨损、过程负荷等因素的影响,复杂工业系统会出现多个稳定操作模态,各稳态之间的过渡过程具有明显的动态特性,针对现有异常检测系统报警意义不明确等问题,将多模态数据流(Multimodal data flow,MDF)技术用于局部异常点检测系统。提出了一种基于多模态数据流的网络信息局部异常点检测系统。通过在此局部异常点检测系统中,使用多模态数据流技术执行异常检测,大数据流技术执行滥用检测。使用多模态数据流进行异常检测,每个节点内都有一个监视代理和一个分类器(用于检测)以及一个移动代理(用于收集信息)。异常检测和滥用检测模块的输出均由模糊检测规则应用以执行最终检测。该方法采用无状态保留的方式,采用基本特征向量来描述网络数据流实时的运行状态,并且利用基于攻击特点的数据流特征组合使报警的意义更加明确。实验结果表明:该方法提供了一个压缩比较高且能比较全面反映实际网络数据流的基础特征,这为将来的异常检测提供了一个较好的数据平台,具有比较好的可扩展性。Due to the influence of raw material property,equipment wear,process load and other factors,multiple stable operation modes will appear in complex industrial system,and the transition process between each steady state has obvious dynamic characteristics.Aiming at the problems such as unclear alarm significance of existing anomaly detection system,multi-mode data flow(MDF)technology is applied to local anomaly detection system.A local anomaly detection system of network information based on multimodal data flow is proposed.In this local outlier detection system,multi-modal data flow technology is used for anomaly detection,and big data flow technology for abuse detection.Using multimodal data flow for anomaly detection,each node has a monitoring agent and a classifier(for detection)and a mobile agent(for information collection).The outputs of anomaly detection and abuse detection modules are applied by fuzzy detection rules to perform the final detection.This method adopts the way of stateless reservation,uses the basic eigenvector to describe the real-time running state of network data flow,and uses the combination of data flow characteristics based on attack characteristics to make the meaning of alarm more clear.The experimental results show that this method provides a high compression ratio and can reflect the basic characteristics of the actual network data flow comprehensively,which provides a better data platform for future anomaly detection and has better scalability.

关 键 词：局部异常点检测系统 无线局域网(WLAN) 大数据流 多模态数据流 监视代理 

分 类 号：TP38[自动化与计算机技术—计算机系统结构]