Journal: 《西安交通大学学报》 (Journal of Xi'an Jiaotong University)

Research on Lightweight Host Data Collection and Real-Time Anomalous Event Detection Methods

         

Abstract

To address the inability of signature-matching methods to detect unknown anomalies and the heavy system-resource consumption of resident collection agents, a method for host data collection and anomaly detection is proposed. Intelligent mobile agents perform host data collection, which greatly reduces the number of data collection agents in the system. To meet the requirements of real-time anomaly detection, principal component analysis is used to reduce the dimensionality of the collected host information, and a clustering method is applied to the dimension-reduced data to mine the anomalous points. To eliminate the influence of random outliers on the detection results, a host anomaly detection method based on continuous time windows is adopted to detect host anomalies accurately. Experimental results show that, compared with conventional methods and for a comparable data scale, the time complexity of the proposed method is reduced by more than 50% and the detection accuracy reaches above 95%, making the method suitable for real-time detection of host anomalies.
