基于网络模块化结构的异常发现
doi: 10.3724/SP.J.1146.2010.00204
Anomaly Detection Based on Network Module Structure
-
摘要: 该文针对大规模高速网络海量数据和异常检测率较低的问题,将复杂网络的模块概念引入网络异常检测领域,化网络检测为数个网络模块检测的综合。首先通过建立网络划分策略与网络检测率关系模型,理论地证明按照网络本身所具有的模块结构划分网络有利于网络总体的检测。其次在真实网络采集的数据集上用并行处理技术进行实验,结果表明基于网络模块的检测比基于网络的检测能提供更加准确和高效的检测结果。Abstract: The large scale and high speed networks create massive data and have low detection accuracy. To address the problems, the idea module is brought from complex network into anomaly detection area. Firstly, the relations between network partition strategy and network detection accuracy are modeled, and a theoretically proof is given that partition strategy which based on network modularity is favorable for anomaly detection. Secondly, the module-based detection is proved that has higher detection rate and efficiency than network-based detection by theoretical analysis and experiments. Finally, by using flow-splitting and parallel processing technologies this approach can improve efficiency obviously.
-
Key words:
- Network anomaly detection /
- Network modularity /
- Flow-split
-
计量
- 文章访问数: 3418
- HTML全文浏览量: 94
- PDF下载量: 836
- 被引次数: 0
下载:
