基于heavy hitter流提取的网络异常检测优化研究

doi:10.3969/j.issn.1000-0801.2010.03.013

电信科学 ›› 2010, Vol. 26 ›› Issue (3): 46-51.doi: 10.3969/j.issn.1000-0801.2010.03.013

基于heavy hitter流提取的网络异常检测优化研究

张玉^1,²,戴磊²

¹ 哈尔滨工业大学计算机科学与技术学院哈尔滨 150001
² 中国科学院计算技术研究所北京 100080

出版日期:2010-03-15 发布日期:2010-03-15
基金资助:
国家“863”计划基金资助项目;国家自然科学基金资助项目

Optimizing Network Anomalous Detection Via Heavy Hitter Identification

Yu Zhang^1,²,Lei Dai²

¹ School of Computer Science and Technology,Harbin Institute of Technology,Harbin 150001,China
² Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China

Online:2010-03-15 Published:2010-03-15

摘要/Abstract

摘要：

由于网络吞吐量的快速增长，高速网络下的测量与监控在计算和存储性能方面正面临巨大的挑战，因此长流提取、高速流识别等按需监控技术逐渐受到研究者们的关注，成为网络测量与监控领域的研究热点。本文出于缓解高速网络下异常检测性能压力的目的，提出了一种基于heavy hitter流提取的异常检测优化方法。根据我们对计算和存储性能的测试以及基于真实网络数据进行的实验表明，该方法能够以较少的计算和存储资源提取网络中的heavy hitter流，有助于发现大规模的网络攻击，缓解网络异常检测系统的性能压力。

关键词: 蠕虫扩散, 面向网络的异常检测, 分布式拒绝服务攻击

Abstract:

In this paper,we propose a network anomalous detection optimizing method via heavy hitter flow identification.Experimental results demonstrate that the proposed method is actually effective and lightweight for heavy hitter flow identification and can benefit large-scale network anomaly detection,mitigate performance stress.

Key words: worm propagation, network anomaly detection, distributed denial-of-service

张玉,戴磊. 基于heavy hitter流提取的网络异常检测优化研究[J]. 电信科学, 2010, 26(3): 46-51.

Yu Zhang,Lei Dai. Optimizing Network Anomalous Detection Via Heavy Hitter Identification[J]. Telecommunications Science, 2010, 26(3): 46-51.

图/表 7

图1

图2

图3

图4

图5

图6

图7

参考文献 17

1	Estan C , Varghese G . New directions in traffic measurement and accounting.In: Proceedings of Applications,Technologies,Architectures and Protocols for Computer Communications, Pittsburgh, 2002
2	Mori T , Uchida M , Kawahara R et al. Identifying elephant flows through periodically sampled packets.In: The 4th ACM SIGCOMM Conference on Internet Measurement, Taormina, 2004
3	Kamiyama N , Mori T . Simple and accurate identification of high-rate flows by packet sampling.In: The 25th IEEE International Conference on Computer Communications, Barcelona, April 2006
4	Venkataraman S , Song D , Gibbons P et al. New streaming algorithms for fast detection of superspreaders.In: Network and Distributed System Security Symposium（NDSS）, San Diego, February 2004
5	Androulidakis G , Papavassiliou S . Improving network anomaly detection via selective flow-based sampling. IET Communications, 2008,2（3）: 399～409.
6	Zhang Y , Singh S , Sen S et al. Online identification of hierarchical heavy hitters:algorithms,evaluation and applications.In: The 4th ACM SIGCOMM Conference on Internet Measurement, Taormina, 2004
7	Charikar M , Chen K , Colton M F . Finding frequent items in data streams.In: Proceedings of the 29th International Colloquium on Automata,Languages and Programming, Springer-Verlag, 2002
8	Demaine E , Ortiz A L , Munro J I . Frequency estimation of Internet packet streams with limited space.In: The 10th Annual European Symposium on Algorithms, Springer-Verlag, 2002
9	Barakat C , Iannaccone G , Diot C . Ranking flows from sampled traffic.In: The 2005 ACM Conference on Emerging Network Experiment and Technology, Toulouse, 2005
10	Haining Wang , Danlu Zhang , Shin K G . Change-point monitoring for the detection of DoS attacks. IEEE Transactions on Dependable and Secure Computing, 2004,1（4）:193～208.
11	Cormode G , Muthukrishnan S . An improved data stream summary:the count-min sketch and its applications. Journal of Algorithms, 2005,55（1）:58～75.
12	Cormode G , Muthukrishnan S . Whatˊs hot and whatˊs not:tracking most frequent items dynamically.In: The Twenty-Second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, San Diego, 2003
13	Manku G , Motwani R . Approximate frequency counts over data streams.In: The 28th International Conference on Very Large Data Bases, August 2002
14	Metwally A , Agrawal D , Abbadi A . Efficient computation of frequent and top-k elements in data streams. Database Theory-ICDT 2005, 2005:398～412.
15	Lee W , Stolfo S J . A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 2000,3（4）:227～261.
16	Barbarra D , Couto J , Jajodia S , et al. ADAM:detecting intrusions by data mining.In: Proceedings of the 2001 IEEE,Workshop on Information Assurance and Security, West Point, 2001
17	Staniford S , Hoagland J A , stealthy J M . Practical automated detection of stealthy portscans Journal of Computer Security, 2002,10（1-2）:105～136.

[1]	王铭鑫,周华春,陈佳,张宏科. 一种SDN中基于熵值计算的异常流量检测方法[J]. 电信科学, 2015, 31(9): 83-89.
[2]	张家华,杨种学,王江平,史煜凯,魏亮. 融合DDoS威胁过滤与路由优化的SDN通信质量保障策略[J]. 电信科学, 2015, 31(4): 120-126.
[3]	叶晰,温武少,叶依如. 基于动态口令的应用层DDoS攻击防御方案[J]. 电信科学, 2012, 28(10): 88-93.
[4]	杜成,徐川,唐红. DDoS攻击检测研究综述[J]. 电信科学, 2011, 27(3): 85-89.

基于heavy hitter流提取的网络异常检测优化研究

Optimizing Network Anomalous Detection Via Heavy Hitter Identification

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 17

相关文章 4

Metrics

推荐阅读 0