Cite this article
  • XIAO Haitao, LIU Yuling, JIANG Bo, ZHANG Chen, LU Zhigang, HAN Zhengping. A Survey on Network Traffic Anomaly Detection[J]. Journal of Cyber Security, Accepted
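A Survey on Network Traffic Anomaly Detection
XIAO Haitao, LIU Yuling, JIANG Bo, ZHANG Chen, LU Zhigang, HAN Zhengping
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
As the scale of information technology applications grows, new types of threats, typified by advanced persistent threat attacks, have gradually emerged, and finding the anomalous data of attacks and threats within massive volumes of normal traffic has become both important and practical. Starting from the background knowledge and evaluation criteria of network traffic anomaly detection, this paper introduces the background of the network traffic anomaly detection problem and summarizes the commonly used datasets and evaluation metrics. It then classifies and reviews existing network traffic anomaly detection techniques from the perspective of their implementation methods. Finally, it discusses the main problems of current network traffic anomaly detection techniques and gives their possible future development trends.
Keywords:  anomaly detection  traffic analysis  advanced persistent threat
DOI:
Received: 2021-01-22  Revised: 2021-05-19
Funding: National Key Basic Research Program of China (973 Program); National Natural Science Foundation of China (General Program, Key Program, Major Program); Major Funded Project of the Chinese Academy of Sciences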
A Survey on Network Traffic Anomaly Detection
XIAO Haitao, LIU Yuling, JIANG Bo, ZHANG Chen, LU Zhigang, HAN Zhengping
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
As the scale of information technology applications expands, new types of threats, represented by advanced persistent threat attacks, have gradually emerged. Finding the abnormal data of attacks and threats within massive volumes of normal traffic has become both important and practical. Starting with the background and evaluation criteria of network anomaly detection, this paper introduces the background of the problem and summarizes the commonly used datasets and evaluation metrics. We then classify and summarize existing network anomaly detection technologies in terms of their implementation methods. Finally, we discuss the main problems in current research and give the possible development trends.
Key words:  anomaly detection  network traffic analysis  advanced persistent threat