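Journal of the China Society for Industrial and Applied Mathematics
Supervised by: Ministry of Education of the People's Republic of China
Sponsored by: Xi'an Jiaotong University
ISSN 1005-3085  CN 61-1269/O1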

Chinese Journal of Engineering Mathematics, 2017, Vol. 34, Issue (5): 479-489. doi: 10.3969/j.issn.1005-3085.2017.05.004


Research on Traffic Anomaly Detection Method Based on the Logistic Regression Model

HOU Ai-hua¹, GAO Wei², WANG Lin³

  1. School of Higher Vocational and Technical Education, Xi'an University of Technology, Xi'an 710082
  2. Shaanxi Local Taxation Bureau, Xi'an 710002
  3. School of Information Science and Technology, Northwest University, Xi'an 710127
  • Received: 2016-12-03 Accepted: 2017-05-05 Online: 2017-10-15 Published: 2017-12-15
  • Contact: L. Wang. E-mail address: wanglin@nwu.edu.cn
  • Supported by:
    The Foundation of China Postdoctoral Science (2014M560801); the Natural Science Foundation of Shaanxi Province (2014JQ8327).

Abstract: Network traffic is a basic data source for anomaly detection, and the accurate description of its behavioral characteristics plays an important role in real-time detection of abnormal network behavior. To solve the problem of traffic anomaly detection, a network traffic anomaly detection method based on the logistic regression model is proposed in this paper. By analyzing several basic characteristics of network traffic, such as source IP and destination IP, the training machine of abnormal and normal network behaviors is constructed. Then, the mining model of anomalous network traffic is established by using logistic regression. To validate the effectiveness of the proposed mining model, real network traffic collected by our lab is applied to test the model. Experimental results show that the proposed mining model of abnormal network traffic yields high accuracy and achieves real-time performance as well.

Key words: logistic regression, machine learning, anomaly detection, big data analysis
