基于自相似的异常流量检测模型_贾慧.pdf

2010年第12期，第43卷 通 信 技 术 Vol.43，No.12,2010 总第228期 Communications Technology No.228,Totally 基于自相似的异常流量检测模型 贾 慧， 高仲合 （曲阜师范大学，山东 日照 276826） 【摘 要】现行网络中存在诸多影响网络安全和服务性能的异常流量，异常流量的存在不仅影响用户的正常使用，而且 会造成网络拥塞和网络瘫痪，甚至会篡改和破坏用户及服务器的数据，造成不可估量的损失。为及时发现这些流量，设计了 一个基于自相似特性的异常流量检测模型。根据现行网络流量大速度快等特点，该模型设计分为简单流分类模块、自适应抽 样模块、实时估计 Hurst 参数模块以及异常流量判断模块四部分。设计的此检测模型能够在很大程度上保证网络流量检测的 准确性和高效性。 【关键词】自相似；异常流量；流分类；流抽样 【中图分类号】TP393 【文献标识码】A 【文章编号】1002-0802(2010)12-0115-03 Anomalous-traffic Detection Model based on Self-similarity JIA Hui, GAO Zhong-he (Qufu Normal University, Rizhao Shandong 276826, China) 【Abstract】Various anomalous traffics have serious impacts on the safety and service performance of the modern network. The anomalous traffics in the network not only affects the normal use of the user, but also could cause network congestion paralysis, or more seriously, distort or destroy the data of the user and the servers, thus resulting in immeasurable losses. In order to find these anomalous traffics timely, an anomalous traffic detection model based on self-similarity is designed. According to the large-flow and high-speed characteristics of the modern network, the model consists of the simple flow classification module, the adaptive sampling module, the Hurst parameter on-line estimation and the anomalous-traffic judgment module. To a great extent this detection model could guarantee the accuracy and high ef