
    Survey of Network Anomaly Detection Based on Low-Rank Decomposition

    • Abstract: Anomaly detection is essential for network management and security. A large body of research in China and abroad has proposed network anomaly detection methods, most of which focus on analyzing, detecting, and alerting on data packets and independent time-series data streams. Such methods exploit only the temporal correlation in network data, cannot detect new types of network anomalies, and have difficulty locating and removing abnormal data. To address these problems, related studies fuse multiple time-series data streams and propose network anomaly detection methods based on low-rank decomposition. These methods make full use of the spatio-temporal correlation in network data: they locate abnormal data without supervision and remove it at the same time, thereby restoring the normal network data. This survey first divides the anomaly detection methods based on low-rank decomposition into four categories according to the type of constraint each places on normal and abnormal data, and introduces the basic idea, advantages, and disadvantages of each category. It then discusses the challenges facing existing anomaly detection methods based on low-rank decomposition. Finally, it outlines possible future development trends.

       
