| 摘要: |
| 首先讨论了传统流量统计分析的缺点,指出熵分析能够反映更多潜在的信息,发现传
统流量统计分析不能发现的网络异常。其次,讨论了流量熵和计数熵的不同,指出两者应该
配合使用,不能如现有研究中一样片面地使用其中一种。最后,用互信息法分析了两种熵的
常用特征,实验发现两者分别呈现冗余状态,在剔除冗余之后检测的效率有明显提高,且不
失检测准确率。 |
| 关键词: 网络异常检测 网络流量 互信息 熵特征优选 |
| DOI: |
|
| 基金项目: |
|
| Entropy feature selection of network anomaly detection by using mutual information |
| YI Sheng-lan |
| () |
| Abstract: |
| Firstly, the shortcomings of traditional statistic
al analysis using network flow data are discussed, and it is pointed out that th
e entropy analysis ca
n reflect more potential information to find out more network anomaly that can n
ot be found by the traditional statistical analysis. Secondly, the difference be
tween the flow entropy and count entropy is discussed and it is proposed that th
ey should be used cooperatively and that using one of them just as existing stud
ies is not recommended. Finally, features of the two kinds of entropy are studie
d bymutual information analysis. The simulations show that there is redundant in
them. After redundant features are eliminated, the detection efficiency is incr
eased significantly while the detection accuracy is maintained. |
| Key words: network anomaly detection network traffic mutual information entropy feature sel
ection |
《电讯技术》编辑部 