Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2012, Vol. 32, Issue (5): 26-31, 6.
Network traffic anomaly detection based on relative entropy
Abstract
Anomaly detection of network traffic, which aims to detect abrupt attacks promptly and accurately, is important in the field of network security. Existing detection methods, such as those based on data mining and wavelet analysis, fail to meet the application requirements of online traffic detection, either because of the high complexity of the algorithm or because of poor detection performance. By introducing the concept of information entropy and calculating the relative entropy of network traffic in real time from the perspective of the traffic's dimensions and hierarchies, this paper proposes a relative-entropy-based detection method whose algorithmic time complexity is O(N × log₂N × D). Experimental analysis shows that the false alarm rate can be held to 0.03 to 0.05 when the detection rate reaches 0.8 to 0.85, which meets the requirements of real-time operation and accuracy simultaneously.
Key words
network traffic / anomaly detection / information entropy
Classification
Information Technology and Security Science
Cite this article
ZHANG Dengyin, LIAO Jianfei. Network traffic anomaly detection based on relative entropy [J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2012, 32(5): 26-31, 6.
Funding
Supported by the National Natural Science Foundation of China (61071093), the National High Technology Research and Development Program of China (863 Program) (2010AA701202), the Sweden-Asia International Cooperation Project (348-2008-6212), the Project for Returned Overseas Scholars (NJ209002), the Jiangsu Province Major Science and Technology Support Program (BE2009063), and the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD) (61071093).