计算机工程2018,Vol.44Issue(1):165-170,6.DOI:10.3969/j.issn.1000-3428.2018.01.028
基于ME-PGNMF的异常流量检测方法
Abnormal Traffic Detection Method Based on ME-PGNMF
陈露露 1郭文普 1何灏1
作者信息
- 1. 火箭军工程大学信息工程系,西安710025
- 折叠
摘要
Abstract
Because some network anomalies have little effect on traffic flow,it is difficult to find such anomalies in traffic analysis.Traditional anomaly traffic detection method based on Principal Component Analysis (PCA) is not suitable for continuous local anomalies detection,and it can reduce the detection accuracy of abnormal flow and the physical meaning is not clear.Aiming at the above situation,an anomalous traffic detection method based on Multidimensional Entropy-Projected Gradient Non-negative Matrix Factorization (ME-PGNMF) is proposed.Firstly,the network traffic data is processed into multidimensional entropy matrix,then Projected Gradient Non-negative Matrix Factorization(PGNMF) is used to reconstruct the multi-dimensional entropy matrix,and the normal subspace and abnormal subspace are separated.Finally,the anomaly is detected by multivariate statistical process control chart Q.Experimental results show that the proposed method can detect the continuous anomaly faster and more accurately than the traditional Nonnegative Matrix Factorization(NMF) method based on the PCA method based on the flow analysis.The low-speed Distributed Denial of Serviee (DDOS) attack anomaly detection is not sensitive to the traffic change.Attacks are more sensitive.关键词
网络流量/多维熵/异常检测/非负矩阵分解/子空间Key words
network traffic/multidimensional entropy/abnormal detection/Non-negative Matrix Factorization (NMF)/subspace分类
信息技术与安全科学引用本文复制引用
陈露露,郭文普,何灏..基于ME-PGNMF的异常流量检测方法[J].计算机工程,2018,44(1):165-170,6.
