| 摘要: |
| 针对链路层异常检测中,由固定反馈时间点而导致的计算量积压以及大量无意义的采样流量数据等现象,提出了一种基于流量特征值的改进异常检测模型,重点探讨如何通过反馈计算机制实现周期内计算任务的合理优化和缩减采样数据。一方面,在对流持续时间的聚类性进行了深入分析并给出其可能聚类的最优簇基础上,将统一的反馈时间分散到各个聚类时间点;另一方面,基于流时序的可切分性对流量数据进行周期划分,并设计拟合函数对周期内流量特征进行量化表达。在此基础上,设计了改进反馈机制和异常检测算法流程。仿真实验表明, 所提出的模型和算法不仅通过优化反馈计算时间提高了检测精度,而且通过降低采样数据冗余提高了检测效率。 |
| 关键词: 网络安全 异常检测 反馈计算 流持续时间 |
| DOI:10.20079/j.issn.1001-893x.210311001 |
|
| 基金项目: |
|
| An improved anomaly detection model based on traffic clustering and segmentation |
| WU Hangfei,ZHANG Hanzhi,YING Xuelian,WANG Zeyang |
| (1.State Grid Zhejiang Cixi Power Supply Co.,Ltd.,Cixi 315300,China;2.Ningbo Power Supply Company of State Grid Zhejiang Electric Power Co.,Ltd.,Ningbo 315010,China;3.Zhejiang Huayun Information Technology Co.,Ltd.,Hangzhou 310012,China) |
| Abstract: |
| In the link layer anomaly detection,there are many problems,such as the overstocking of computation and a large number of meaningless sampled traffic data,which are caused by fixed feedback time points.For these problems,an improved anomaly detection model based on traffic eigenvalues is proposed,with focus on how to realize the reasonable optimization of computing tasks and reduction of sampled data in a cycle through feedback computer mechanism.On the one hand,based on the analysis of the clustering of convection duration and the optimal clustering,the unified feedback time is distributed to each clustering time point.On the other hand,based on the separability of flow time series,the flow data is divided into periods,and the fitting function is designed to quantify the flow characteristics in the period.On this basis,the improved feedback mechanism and anomaly detection algorithm flow are designed.Simulation results show that the proposed model and algorithm can not only improve the detection accuracy by optimizing the feedback calculation time,but also improve the detection efficiency by reducing the sampling data redundancy. |
| Key words: network security anomaly detection feedback calculation flow duration |
《电讯技术》编辑部 