Telecommun Syst (2012) 50:1–13
DOI 10.1007/s11235-010-9384-1

Large-scale IP network behavior anomaly detection and identification using substructure-based approach and multivariate time series mining

Weisong He · Guangmin Hu · Yingjie Zhou

Published online: 4 August 2010
© Springer Science+Business Media, LLC 2010

Abstract

In this paper, a substructure-based network behavior anomaly detection approach, called WFS (Weighted Frequent Subgraphs), is proposed to detect the anomalies of a large-scale IP networks. With application of WFS, an entire graph is examined, unusual substructures of which are reported. Due to additional information given by the graph, the anomalies are able to be detected more accurately. With multivariate time series motif association rules mining (MTSMARM), the patterns of abnormal traffic behavior are able to be obtained. In order to verify the above proposals, experiments are conducted and, together with application of backbone networks (Internet2) Netflow data, show some positive results.

Keywords

Anomaly detection and identification · Weighted frequent subgraphs · Multivariate time series motif association rules mining

1 Introduction

network traffic anomalies which feature sudden erupting without preknown signs, often bring great damage to network equipments or computers of network in a short time. Therefore, one of the prepositions to ensure trustworthy networks is to detect and locate network traffic anomalies quickly and accurately, determine the reasons that cause them and make reasonable response to them in time.

Anomaly detection, which refers to the topic of finding patterns in data that do not conform to expected behavior or can be defined as follows: Given a set of n data points or objects and the number p of expected outliers, find the top p objects that are considerably dissimilar, exceptional, or inconsistent with respect to the remaining data [1]. Network behavior anomaly detection refers to the issue of finding network behavior patterns in network data that do not conform to expected behavior. An anomalous traffic pattern in a computer network could mean that a hacked computer is sending out sensitive data to an unauthorized destination [4]. Based on the extent to which the labels are available, anomaly detection techniques can operate in one of the following three modes: su
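
The "top p of n objects" definition of anomaly detection quoted in the introduction can be made concrete with a short added example; it is not code from the paper and does not implement WFS or MTSMARM. It assumes distance to the k-th nearest neighbour as the dissimilarity measure (the text does not fix one), and the host addresses and per-host NetFlow summaries are constructed for illustration.

```python
import math

# Constructed per-host NetFlow summaries: (flows, distinct dst IPs, MB sent).
# Addresses and values are made up for this example.
HOSTS = {
    "10.0.0.11": (120, 14, 35.0),
    "10.0.0.12": (135, 16, 41.0),
    "10.0.0.13": (110, 12, 30.0),
    "10.0.0.14": (128, 15, 38.0),
    "10.0.0.15": (117, 13, 33.0),
    "10.0.0.16": (125, 15, 36.0),
    "10.0.0.17": (131, 900, 39.0),   # fan-out to many destinations
    "10.0.0.18": (122, 14, 4200.0),  # bulk outbound transfer
}

def standardize(rows):
    """Scale each feature to zero mean and unit variance so no unit dominates."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return [tuple((x - m) / s for x, m, s in zip(r, means, stds)) for r in rows]

def top_p_outliers(points, p, k=2):
    """Return the p objects whose distance to their k-th nearest neighbour
    is largest, as (key, score) pairs in descending score order."""
    if not 0 < p <= len(points) or not 0 < k < len(points):
        raise ValueError("need 0 < p <= n and 0 < k < n")
    keys = list(points)
    vecs = standardize([points[key] for key in keys])
    scores = {}
    for i, key in enumerate(keys):
        # Distances from object i to every other object, nearest first.
        dists = sorted(math.dist(vecs[i], v) for j, v in enumerate(vecs) if j != i)
        scores[key] = dists[k - 1]
    ranked = sorted(keys, key=lambda key: scores[key], reverse=True)
    return [(key, round(scores[key], 2)) for key in ranked[:p]]

if __name__ == "__main__":
    for host, score in top_p_outliers(HOSTS, p=2):
        print(f"{host}  kNN-distance={score}")
```

The number p has to be supplied by the analyst, as in the quoted definition; with p larger than the true number of anomalies the tail of the list is ordinary hosts, so the scores should be read alongside the ranking.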