网络流量异常检测对于保证网络稳定高效运行极为重要.目前基于主成分分析(PCA)的全网络异常检测算法虽然发挥了关键作用,但它还存在着受毒害攻击而失效的问题.为此,深入分析了毒害攻击的机制并对其进行了分类,提出了量化毒害流量的两个测度,并给出了3种新的毒害攻击机制;提出了一种基于健壮PCA的异常检测算法RPCA以抵御毒害攻击.模拟试验结果表明,RPCA算法在受到多种毒害攻击时仍然具有很好的检测性能,明显优于PCA异常检测器,且运行时间能够满足实际网络异常检测的需求.%Network traffic anomaly detection is crucial to guarantee stable and effective network operation. Nowadays, although PCA-based network-wide anonaly detector plays an important role,it camot detect anomalous network trraffic effectively in face of poison attacks. In order to solve poison attack problem aiming at PCA-based anomaly detector, poison attack strategies are investigated and classified, two metrics for quantifying poison traffic are proposed and three novel poison attack strrategies are put forward. A robust PCA-based anomaly detection algorithm (for short RPCA) is proposed to resist poison atnacks. Simulation experiment results show that RPCA algorithm can still perform very well in face of poison attacks, obviously superior to PCA-based anomaly detector,and its running time can satisfy the need of practical network anomaly detection.
展开▼
