| 网络流量异常检测 |
| |
| 引用本文: | 单蓉胜,李建华,王明政.网络流量异常检测[J].东南大学学报,2004,20(1):16-20. |
| |
| 作者姓名: | 单蓉胜 李建华 王明政 |
| |
| 作者单位: | 上海交通大学电子工程系,上海200030 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 提出了一种新颖的网络洪流攻击的异常检测机制.这种检测机制的无状态维护、低计算代价的特性保证了自身具有抗洪流攻击的能力.本文以检测SYN洪流攻击为实例详细阐述了异常检测机制.这个机制应用EWMA方法检测网络流的突变, 并运用对称性分析方法检测网络流的异常活动.测试结果表明本文所提出的检测机制具有很好的检测洪流攻击的准确度, 并具有低延时特性.
|
| 关 键 词: | 异常检测 入侵检测 拒绝服务攻击 端口扫描 |
Anomaly detection for network traffic flow |
| |
| Shan Rongsheng,Li Jianhua,WANG MINGZHENG.Anomaly detection for network traffic flow[J].Journal of Southeast University(English Edition),2004,20(1):16-20. |
| |
| Authors: | Shan Rongsheng Li Jianhua WANG MINGZHENG |
| |
| Abstract: | This paper presents a novel mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. In this paper, SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. Experiment shows that the mechanism has high detection accuracy and low detection latency. |
| |
| Keywords: | anomaly detection intrusion detection denial of service port scan |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
