Characterizing Network Anomaly Traffic with Euclidean Distance-Based Multiscale Fuzzy Entropy
Security and Communication Networks Pub Date : 2021-06-16 , DOI: 10.1155/2021/5560185
Renjie Zhou 1, 2, 3 , Xiao Wang 2 , Jingjing Yang 4 , Wei Zhang 2, 3 , Sanyuan Zhang 1

The prosperity of mobile networks and social networks brings revolutionary convenience to daily life. However, because the network environment is complex and fragile, network attacks are becoming increasingly serious. Characterization of network traffic is commonly used to model and detect network anomalies and, ultimately, to improve the situational awareness of network administrators. As tools for characterizing the running state of a system, entropy-based time-series complexity measures such as Multiscale Entropy (MSE), Composite Multiscale Entropy (CMSE), and Fuzzy Approximate Entropy (FuzzyEn) have been widely used in anomaly detection. However, the existing methods compute the distance between two template vectors from only the single pair of elements that differ most (a Chebyshev distance), discarding the information in the remaining elements. Furthermore, the similarity of two vectors is decided with the Heaviside step function, which jumps between 0 and 1 as soon as the distance crosses the tolerance threshold. The Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm was proposed to avoid these two drawbacks and to measure the entropy of system signals more precisely, accurately, and stably. In this paper, EDM-Fuzzy is applied to analyze the characteristics of abnormal network traffic such as botnet traffic and Distributed Denial of Service (DDoS) attack traffic. The experimental analysis shows that EDM-Fuzzy entropy is able to characterize the differences between normal and abnormal traffic. The EDM-Fuzzy entropy characteristics of ARP traffic reported in this paper can be used to detect various types of network traffic anomalies, including botnet and DDoS attacks.
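The two objections in the abstract, that MSE/SampEn-style measures compare templates by their single most different element (a Chebyshev distance) and accept or reject a match with a Heaviside step, are easiest to see in code. The Python below is an added example, not code from the paper or its authors: it implements a plain sample entropy (Chebyshev distance, Heaviside match) beside a fuzzy entropy that uses a Euclidean distance and a smooth membership function, runs both over coarse-grained scales, and compares a constructed irregular background series against a constructed pulsed-flood series. The membership function exp(-d^n / r), the parameters m=2 and r=0.2 (applied after z-scoring), and the traffic series are assumptions; the paper's exact EDM-Fuzzy definition and its ARP captures are not on this page.

```python
# Added example (not from the paper): sample entropy (Chebyshev + Heaviside)
# beside a fuzzy entropy (Euclidean + smooth membership), both evaluated on
# coarse-grained traffic-count series. The membership function exp(-d**n / r)
# is the standard FuzzyEn form and is an assumption; the paper's exact
# EDM-Fuzzy definition is not on this page.
import math
import random
import statistics


def coarse_grain(x, scale):
    """Multiscale coarse-graining: mean of consecutive, non-overlapping windows."""
    return [sum(x[i:i + scale]) / scale for i in range(0, len(x) - scale + 1, scale)]


def zscore(x):
    """Normalise so the tolerance r is in units of the series' standard deviation."""
    mu = sum(x) / len(x)
    sd = statistics.pstdev(x)
    if sd == 0:
        return [0.0] * len(x)
    return [(v - mu) / sd for v in x]


def chebyshev(a, b):
    """Distance used by SampEn/MSE: only the most different element pair counts."""
    return max(abs(u - v) for u, v in zip(a, b))


def euclidean(a, b):
    """Distance used for the EDM-style entropy: every element pair contributes."""
    return math.sqrt(sum((u - v) ** 2 for u, v in zip(a, b)))


def heaviside(d, r):
    """Hard match rule: jumps from 1 to 0 as soon as d exceeds r."""
    return 1.0 if d <= r else 0.0


def fuzzy_membership(d, r, n=2):
    """Smooth match degree in (0, 1]; assumed standard FuzzyEn form exp(-d^n / r)."""
    return math.exp(-(d ** n) / r)


def template_entropy(x, m, r, dist, similarity):
    """-ln(phi(m+1) / phi(m)), where phi(k) is the mean pairwise similarity of the
    N-m templates of length k. The same template count is used for both lengths,
    as in SampEn, so the ratio reads as a conditional match probability."""
    n = len(x) - m
    if n < 2:
        raise ValueError("series too short for template length m")

    def phi(k):
        tmpl = [x[i:i + k] for i in range(n)]
        total = 0.0
        for i in range(n):
            for j in range(i + 1, n):
                total += similarity(dist(tmpl[i], tmpl[j]), r)
        return 2.0 * total / (n * (n - 1))

    pm, pm1 = phi(m), phi(m + 1)
    if pm == 0.0 or pm1 == 0.0:
        return math.inf  # no template matched at all: treat as maximally irregular
    return -math.log(pm1 / pm)


def sample_entropy(x, m=2, r=0.2):
    """Classic SampEn: Chebyshev distance, Heaviside match."""
    return template_entropy(x, m, r, chebyshev, heaviside)


def fuzzy_entropy_euclid(x, m=2, r=0.2):
    """EDM-style fuzzy entropy: Euclidean distance, smooth membership."""
    return template_entropy(x, m, r, euclidean, fuzzy_membership)


def multiscale_profile(x, entropy_fn, scales=(1, 2, 3), m=2, r=0.2):
    """Entropy at each scale after coarse-graining and z-scoring."""
    return [entropy_fn(zscore(coarse_grain(x, s)), m, r) for s in scales]


def make_traffic(n=300, seed=7):
    """Constructed packets-per-second series (not real captures): normal is an
    irregular background load, attack is a pulsed flood repeating every 3 s."""
    rng = random.Random(seed)
    normal = [rng.uniform(20, 120) for _ in range(n)]
    pulse = [40, 40, 400]
    attack = [pulse[i % 3] + rng.uniform(-5, 5) for i in range(n)]
    return normal, attack


if __name__ == "__main__":
    normal, attack = make_traffic()
    for name, series in (("normal", normal), ("attack", attack)):
        print(name,
              "SampEn per scale:", [round(v, 3) for v in multiscale_profile(series, sample_entropy)],
              "EDM-style FuzzyEn per scale:", [round(v, 3) for v in multiscale_profile(series, fuzzy_entropy_euclid)])
```

Two things to notice when running it: `chebyshev` returns the same distance for a template that differs in one element and one that differs in all three, while `euclidean` separates them; and `heaviside` flips from 1 to 0 between distances 0.199 and 0.201 at r=0.2, where `fuzzy_membership` moves by well under a percent. The pulsed flood scores near zero at scales 1 and 2 under both measures, the irregular background well above 1; at scale 3 the coarse-graining window equals the pulse period and the flood's regularity is averaged away, which is the kind of scale dependence a multiscale profile is meant to expose.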

Updated: 2021-06-17