Telecommunications Science ›› 2010, Vol. 26 ›› Issue (6): 76-80. doi: 10.3969/j.issn.1000-0801.2010.06.018

• Special Topic: Cloud Computing and Applications •

Implementation of a MapReduce-Based PCA Anomalous Traffic Detection System

黄志兰,丁圣勇,杨国良,罗颂锋   

  1. Guangdong Research Institute of China Telecom Co., Ltd., Guangzhou 510630
  • Publication date: 2010-06-15 Release date: 2010-06-15

A PCA-based Network Anomaly Detection System Using MapReduce Method

Zhilan Huang, Shengyong Ding, Guoliang Yang, Songfeng Luo

  1. Guangdong Research Institute of China Telecom Co., Ltd., Guangzhou 510630, China
  • Online: 2010-06-15 Published: 2010-06-15

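Abstract:

PCA is an effective method for detecting anomalous network traffic in high-dimensional space. It analyzes network traffic data from a global perspective and detects anomalies hidden in the network. When facing a carrier's network-wide traffic data, quickly generating the statistical matrix for PCA detection and analysis from massive Netflow traffic data is one of the greatest difficulties the PCA anomalous traffic detection method faces. MapReduce is a distributed computing method that emerged with the rise of cloud computing; it makes full use of the processing power of computer clusters and can effectively handle massive data analysis tasks. This paper proposes an effective mechanism for applying the MapReduce distributed computing method to PCA anomalous traffic detection. The results show that the MapReduce method greatly improves the processing performance of PCA anomalous traffic detection, enabling it to effectively process a carrier's network-wide data.

Keywords: PCA, MapReduce, network anomalous traffic detection, Netflow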

Abstract:

PCA is an effective method for network anomaly detection in high-dimensional data space. It can analyze traffic and detect anomalies from a network-wide perspective. When analyzing a carrier's whole network traffic, we have to consider its massive scale. How to derive the statistical matrix from massive netflow records for PCA analysis is one of the biggest difficulties. MapReduce is a new distributed computation paradigm that arrived with cloud computing technologies. It makes full use of the processing power of computer clusters and can thus handle data analysis tasks over large-scale data. In this paper, we propose a new approach based on the MapReduce model for large-scale PCA network anomaly detection. The experimental results show that the MapReduce-based PCA implementation can effectively handle whole-network traffic.

Key words: PCA, MapReduce, network traffic flow anomaly detection, netflow
