一种基于时间序列分解的数据窃密事件检测方法研究

doi:10.3969/j.issn.1671-1122.2017.08.011

信息网络安全 ›› 2017, Vol. 17 ›› Issue (8): 76-82.doi: 10.3969/j.issn.1671-1122.2017.08.011

一种基于时间序列分解的数据窃密事件检测方法研究

安冉¹, 朱小波², 严寒冰²()

1. 北京航空航天大学计算机学院,北京 100191
2. 国家计算机网络应急技术处理协调中心,北京 100029

收稿日期:2017-06-20 出版日期:2017-08-20 发布日期:2020-05-12
作者简介:
作者简介：安冉（1993—）,男,内蒙古,硕士研究生,主要研究方向为网络安全、机器学习;朱小波（1987—）,男,江西,工程师,硕士,主要研究方向为网络安全;严寒冰（1975—）,男,江西, 教授级高级工程师,博士,主要研究方向为网络安全监测、应急响应处理、图形图像分析等。
基金资助:
国家科技支撑计划[2015BAK21B01]

Research on a Method of Data Theft Detection Based on Time Series Decomposition

Ran AN¹, Xiaobo ZHU², Hanbing YAN²()

1. School of Computer Science, Beihang University, Beijing 100191, China
2. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China

Received:2017-06-20 Online:2017-08-20 Published:2020-05-12

摘要/Abstract

摘要：

在网络安全领域中,数据窃密检测是重要的研究内容。文章提出一种应用在网络流量场景下的时间序列分解算法,将时间序列分解为季节性数据、趋势数据、残差数据3部分,采用滑动窗口内的中位数来更好地拟合趋势数据,并且针对离散单点进行了过滤。同时,将异常点所在时间范围作为算法的最后输出形式。文章提出利用信息熵工具有助于发现隐蔽性较高的数据窃密行为。文中将本文算法和Piecewise Median算法、STL算法进行对比,并在经信息熵处理后的时间序列上应用本文算法进行检测。实验表明,本文算法相对于Piecewise Median算法、STL算法有较大幅度的性能提升,数据窃密检测效果良好。

关键词: 大型服务器, 数据窃密, 时间序列分解, 滑动窗口

Abstract:

In the field of network security, data theft detection is an important part of research contents. This paper proposes a time series decomposition algorithm in network traffic scenarios which decomposes data into three parts of seasonal data, trend data and residual data. The algorithm uses median in sliding window to fit better with the trend data, filters discrete single points, and takes the time interval containing continuous outliers as the final output form of the algorithm. The paper proposes that the information entropy of payload length is helpful detecting the hidden data theft behaviors. In the part of experiment, the algorithm is compared with STL and Piecewise Median algorithm. The algorithm is used to detect the time series that are processed with information entropy tool. Experiments show that, compared with STL and Piecewise Median algorithm, this algorithm improves the performances greatly, data theft detection effect is well.

Key words: large-scale server, data theft, time series decomposition, sliding window

中图分类号:

TP309.1

安冉, 朱小波, 严寒冰. 一种基于时间序列分解的数据窃密事件检测方法研究[J]. 信息网络安全, 2017, 17(8): 76-82.

Ran AN, Xiaobo ZHU, Hanbing YAN. Research on a Method of Data Theft Detection Based on Time Series Decomposition[J]. Netinfo Security, 2017, 17(8): 76-82.

图/表 12

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

参考文献 20

[1]	李鑫,张维纬,隋子畅,等. 新型SQL注入及其防御技术研究与分析[J]. 信息网络安全,2016(2):66-73.
[2]	AHMED M, MAHMOOD A N, HU Jiankun.A Survey of Network Anomaly Detection Techniques[J]. Journal of Network & Computer Applications, 2016(60):19-31.
[3]	MARCHETTI M, PIERAZZI F, COLAJANNI M, et al.Analysis of High Volumes of Network Traffic for Advanced Persistent Threat Detection[J]. Computer Networks, 2016(109):127-141.
[4]	LAKHINA A, CROVELLA M, DIOT C.Mining Anomalies Using Traffic Feature Distributions[C]//ACM.ACM SIGCOMM 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, August 22 - 26, 2005. Philadelphia, Pennsylvania, USA. New York: ACM, 2005:217-228.
[5]	KONDO S, SATO N.Botnet Traffic Detection Techniques by C&C Session Classification Using SVM[A]// Advances in Information and Computer Security[M]. Heidelberg:Springer-Verlag Berlin, Heidelberg, 2007:91-104.
[6]	ZHAO D, TRAORE I, SAYED B, et al.Botnet Detection Based on Traffic Behavior Analysis and Flow Intervals[J]. Computers & Security, 2013, 39(4):2-16.
[7]	陈明奇,洪学海,王伟,等. 关于网络安全和信息技术发展态势的思考[J]. 信息网络安全,2015(4):1-4.
[8]	VANIA J, MENIYA A, JETHVA H B. A Review on Botnet and Detection Technique[EB/OL]. ,2017-6-1.
[9]	BAHAA-ELDIN A M. Time Series Analysis based Models for Network Abnormal Traffic Detection[C]//IEEE.International Conference on Computer Engineering & Systems, November 29- December 1, 2011. Cairo, Egypt.NJ:IEEE, 2011:64-70.
[10]	陈善雄,彭茂玲,彭喜化. 一种基于偏最小二乘的网络入侵检测方法分析[J]. 信息网络安全,2016(1):6-10.
[11]	WÄLCHLI M, BRAUN T. Efficient Signal Processing and Anomaly Detection in Wireless Sensor Networks[A]// Applications of Evolutionary Computing[M]. Heidelberg: Springer-Verlag Berlin, Heidelberg, 2009:81-86.
[12]	BEREZIŃSKI P, JASIUL B, SZPYRKA M. An Entropy-based Network Anomaly Detection Method[J]. Entropy, 2015, 17(4):2367-2408.
[13]	CORBYN J.Time Series Analysis with Applications in R[J]. Journal of the Royal Statistical Society: Series A (Statistics in Society), 2011, 174(2):507.
[14]	HUANG S J, SHIH K R.Short-term Load Forecasting via ARMA Model Identification Including Non-Gaussian Process Considerations[J]. IEEE Transactions on Power Systems, 2003, 18(2): 673-679.
[15]	WEST M.Time Series Decomposition[J]. Biometrika, 1997,84(2): 489-494.
[16]	CLEVELAND R B, CLEVELAND W S.STL: A Seasonal-Trend Decomposition Procedure Based on Loess[J]. Journal of Official Statistics, 1990, 6(1):3-33.
[17]	ROSNER B.Percentage Points for a Generalized ESD Many-Outlier Procedure[EB/OL]. ,2017-6-1.
[18]	LIU Haiqin, KIM M S.Real-Time Detection of Stealthy DDoS Attacks Using Time-Series Decomposition[C]//IEEE.Communications (ICC), 2010 IEEE International Conference on, May 23-27, 2010. Cape Town, South Africa.NJ:IEEE, 2010: 1-6.
[19]	VALLIS O, HOCHENBAUM J, KEJARIWAL A. A Novel Technique for Long-Term Anomaly Detection in the Cloud[EB/OL]. ,2017-6-1.
[20]	Yahoo Finance.^IXIC Summary for NASDAQ composite[EB/OL]., 2017-6-13.

一种基于时间序列分解的数据窃密事件检测方法研究

Research on a Method of Data Theft Detection Based on Time Series Decomposition

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 20

相关文章 1

编辑推荐

Metrics

本文评价