Abstract
This paper proposes a method for detecting abnormal interactions among intranet groups based on netflow data. First, the netflows of each group are aggregated, and two anomaly detection indicators are constructed: the group network traffic and the uncertainty of the group network traffic distribution. Second, the time series of the two anomaly detection indicators for each group are analyzed, and four prediction models are used for prediction. Finally, the best-performing model is selected as the prediction benchmark, and the difference between the predicted result and the real data is used to detect whether there is an interaction anomaly among groups. The experimental results show that the proposed method can effectively detect abnormal interactions among groups in an intranet.