Computer Engineering and Applications, 2014, Vol. 50, Issue (24): 104-108.

• Network, Communication and Security •

Feature perception adaptive flow sampling method based on NetFlow

LIU Chenguang (1), LIU Weihui (2), YAN Liyan (1)

  1. Center of Information & Network Technology, Jiangsu Normal University, Xuzhou, Jiangsu 221116, China
  2. Library, Jiangsu Normal University, Xuzhou, Jiangsu 221116, China
  • Online: 2014-12-15 Published: 2014-12-12

Abstract: Sampling is the main method of data acquisition in network anomaly detection. However, the duration of network flows, the size of packets and the frequency with which anomalous traffic appears all change continually, which has many negative effects on accurate sampling. To address this, the paper proposes a feature perception adaptive sampling technique that automatically adjusts the sampling rate as traffic characteristics change. The technique is compared with random sampling and selective sampling, and the ability of these sampling techniques to retain network features in a network behavior analysis system is studied. The experimental results show that the method is clearly superior to the others in retaining network features and in the quality assessment of anomaly detection.

Key words: anomaly detection, sampling technology, feature perception, NetFlow protocol, sampling model, sampling algorithm