Based on the 2014 AAA service log files of a telecommunications company, this work first computes the proportion distribution of authentication results and summarizes the data-source behavior types that lead to abnormal service state, namely malicious login and quantity limitation attacks. To address the shortcomings of existing anomaly detection strategies in efficiency and accuracy, it then proposes a service-state anomaly detection mechanism based on a TF-IDF algorithm with parameter replacement, which calculates the correlation between each data source to be filtered and the set of already confirmed abnormal sources in order to efficiently discover and confirm other abnormal sources. Finally, simulation experiments verify the effectiveness and efficiency of the mechanism.