Journal on Communications

• Network Security

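RMPCM: network-wide anomaly detection method based on robust multivariate probabilistic calibration model

LI Yuchong, LUO Xingguo, QIAN Yekui, ZHAO Xin

  1. National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, Henan; 2. Key Laboratory of Information Transmission and Dissemination Technologies in Communication Networks, Shijiazhuang 050000, Hebei; 3. PLA Air Defense Forces Academy, Zhengzhou 450052, Henan
  • Online: 2015-11-27 Published: 2015-11-27
  • Supported by:
    National Key Basic Research Program of China ("973" Program) (2012CB315901, 2013CB329104); Science and Technology Commission of Shanghai Municipality (13DZ1108800); Key Laboratory of Information Transmission and Dissemination Technologies in Communication Networks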

Abstract: An anomaly detection method based on a robust multivariate probabilistic calibration model (RMPCM) is proposed. The method builds a normal-state model of the traffic matrix using a latent variable probabilistic model based on the multivariate t-distribution, and detects traffic anomalies by comparing the Mahalanobis distance between samples and the normal-state model. Theoretical analysis and experiments show that the method is robust and widely applicable: it handles both complete data and data with missing values, resists interference well, and has low sensitivity to model parameters, giving stable performance.

Key words: anomaly detection; missing data; noise interference; probabilistic model; latent variable
