基于张量分析的网络异常检测

发布时间：2018-04-22 19:34

本文选题：高维网络流量 + 异常检测　；参考：《太原科技大学》2014年硕士论文

【摘要】：随着互联网的迅速发展，网络安全已成为人们最关心的问题之一，网络流量异常检测系统是继防火墙之后最有效的防护手段。实时、准确判定流量异常是网络检测的重点。由于对单条链路进行流量异常检测不能检测类似蠕虫病毒的网络攻击,所以必须对全网网络流量进行异常检测，以达到更好的检测效果。然而全网网络流量数据大,维数高，通常包括多个OD(Original-Destination)流，并且还有大量噪音。基于向量的异常检测方法不适用于处理维数较高的流量数据，将它们应用在全网网络流量异常检测上效果不佳。利用张量来表示高维网络流量数据，利用张量分析的方法对数据进行降维处理，能够有效降低异常检测的检测时间和算法的空间复杂度，，基于张量分析的异常检测方法适用于高维网络流量数据的异常检测。本文首先研究了基于张量分析的网络异常检测技术，设计了基于标准分数的阈值检测机制，仿真结果证明基于张量分析的异常检测方法(HOSVD、HOOI)在误报率、漏报率以及检测时间方面性能优于基于向量的异常检测方法(PCA)。然后对高维网络流量数据添加相关信息后进行异常检测，仿真结果表明对于维度之间存在相关信息的数据基于张量分析的异常检测方法在误报率和漏报率方面性能不如基于向量的异常检测方法，但是检测时间方面性能优于基于向量的异常检测方法。最后在HOSVD算法基础上基于高维数据维度相关性引入了Cross-HOSVDs算法。然后将新方法Cross-HOSVDs应用于存在相关信息的高维网络流量数据的进行异常检测。根据基于标准分数的阈值检测机制，对比Cross-HOSVDs和HOSVD方法进行异常检测时的误报率和漏报率，仿真结果证明了新方法降低了误报率和漏报率。
[Abstract]:With the rapid development of the Internet, network security has become one of the most concerned issues. Network traffic anomaly detection system is the most effective protection after firewall. Real-time, accurate detection of traffic anomalies is the focus of network detection. Because the traffic anomaly detection of a single link can not detect the network attack similar to the worm virus, it is necessary to detect the network traffic anomaly in order to achieve a better detection effect. However, the network traffic data is large and the dimension is high. It usually includes multiple ODN Original-Destinationflows, and there is also a lot of noise. The vector based anomaly detection method is not suitable for dealing with traffic data with high dimension, and it is not effective to apply them to network traffic anomaly detection. The use of Zhang Liang to represent high-dimensional network traffic data, and to reduce the dimension of the data by Zhang Liang analysis can effectively reduce the detection time of anomaly detection and the spatial complexity of the algorithm. The anomaly detection method based on Zhang Liang analysis is suitable for anomaly detection of high dimensional network traffic data. In this paper, the network anomaly detection technology based on Zhang Liang analysis is studied, and the threshold detection mechanism based on standard score is designed. The simulation results show that the anomaly detection method based on Zhang Liang analysis is false alarm rate. The performance of missed report rate and detection time is better than that of vector based anomaly detection method. Then, after adding the relevant information to the high-dimensional network traffic data, the anomaly detection is carried out. The simulation results show that the performance of the anomaly detection method based on Zhang Liang analysis is not as good as the vector based anomaly detection method in terms of false alarm rate and false alarm rate. But the performance of detection time is better than that of vector based anomaly detection method. Finally, based on the HOSVD algorithm, the Cross-HOSVDs algorithm is introduced based on the high dimensional data dimension correlation. Then the new method Cross-HOSVDs is applied to the anomaly detection of high dimensional network traffic data with relevant information. According to the threshold detection mechanism based on standard score, the false alarm rate and false false alarm rate of Cross-HOSVDs and HOSVD methods are compared. The simulation results show that the new method reduces the false alarm rate and false alarm rate.
【学位授予单位】：太原科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】