统计向量分析下大规模网络流量异常检测仿真  被引量：4

作　　者：陈波红[1] 祝金明[2] CHEN Bo-hong;ZHU Jin-ming(Xiangsihu College of Guangxi Minzu University,Nanning Guangxi 530225,China;School of Materials and Environment,Guangxi Minzu University,Nanning Guangxi 530006,China)

机构地区：[1]广西民族大学相思湖学院,广西南宁530225 [2]广西民族大学材料与环境学院,广西南宁530006

出　　处：《计算机仿真》2023年第4期373-376,401,共5页Computer Simulation

摘　　要：为准确识别网络流量异常特征,降低用户遭受恶意攻击的概率,提出基于统计向量的大规模网络流量异常检测算法。依据网络管理协议明确节点及网络链路负载,得到网络状态和配置信息的路由矩阵,将负载值与路由矩阵引入广义回归神经网络提取流量特征,获得固定时段网络流量数据;利用SplitCap文件分割器将网络流量的一组源IP和目标IP交互划分至同一流量包,把流量包各字节映射为相同特征,使用t-分布式随机邻居嵌入方法计算流量包间欧氏距离,实现流量数据降维,锁定网络流量异常时间范围;把异常检测拟作约束条件二次优化问题,采用支持向量机统计流量向量特征,引入比特压缩技术降低数据分辨率,创建支持向量机下网络流量异常检测函数,实现异常检测。实验结果表明,所提方法的异常流量检测精度高、抗干扰性强,提升了网络流量安全监测能力。In order to accurately identify the abnormal characteristics of network traffic and reduce the probability of malicious attacks,based on statistical vector,this paper presented an algorithm for detecting large-scale network traffic anomaly.According to network management protocol,we determined the node and network link loads,and then obtained a routing matrix of network status and configuration information.After that,we introduced the load value and routing matrix into the generalized regression neural network to extract the traffic features,thus obtaining network traffic data in a fixed period.Moreover,we used SplitCap splitter to integrate a group of source IP and target IP of network traffic into the same traffic packet.Meanwhile,every byte in the traffic packet was mapped with the same characteristics.Furthermore,we used the t-distributed random neighbor embedding method to calculate the Euclidean distance between traffic packets,thus reducing the dimension of traffic data and locking the abnormal time range of network traffic.In addition,we took anomaly detection as a quadratic optimization problem with constraints and used a support vector machine to calculate the characteristic of the traffic vector.Finally,we used bit compression technology to reduce the data resolution and constructed a network traffic anomaly detection function under the support vector machine,thus achieving anomaly detection.Experimental results show that the proposed method has high detection accuracy and strong anti-interference ability for abnormal traffic,and improves the security monitoring ability.

关 键 词：统计向量 支持向量机 网络流量 异常检测 数据降维 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]