Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (24): 128-131. DOI: 10.3778/j.issn.1002-8331.2008.24.038

• Network, Communication and Security •

Detecting network anomalies based on NetFlow time series

JIA Guan-xin1, YANG Bo2, CHEN Zhen-xiang2, PENG Li-zhi2

  1. Library, University of Jinan, Jinan 250022, China
  2. Network Center, School of Information Science and Engineering, University of Jinan, Jinan 250022, China
  • Received: 2007-10-31 Revised: 2008-01-21 Online: 2008-08-21 Published: 2008-08-21
  • Contact: JIA Guan-xin

Abstract: Network traffic shows periodicity and stability when the network is operating normally, and anomalous traffic breaks this regularity, producing abnormal fluctuations in the traffic. This paper presents a novel method that detects network anomalies using a sliding window over NetFlow time series. Using a time-series anomaly detection algorithm to find abnormal fluctuations in network traffic, the method achieves real-time, efficient detection of anomalous traffic and early warning. Because an anomaly that has already been detected would keep generating alerts and disturb subsequent detection, the paper also presents two ways to ignore anomalies that have already been announced. Experimental results show that the method detects network anomalies effectively.

Key words: NetFlow, time series, network anomaly