Air Defence Forces Academy of PLA

Zhengzhou, China

Air Defence Forces Academy of PLA

Zhengzhou, China
SEARCH FILTERS
Time filter
Source Type

Li Y.,National Digital Switching System Engineering Technical Researching Center | Li Y.,Air Defence Forces Academy of PLA | Li Y.,Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory | Luo X.,National Digital Switching System Engineering Technical Researching Center | And 2 more authors.
Mathematical Problems in Engineering | Year: 2015

Network anomaly detection and localization are of great significance to network security. Compared with the traditional methods of host computer, single link and single path, the network-wide anomaly detection approaches have distinctive advantages with respect to detection precision and range. However, when facing the actual problems of noise interference or data loss, the network-wide anomaly detection approaches also suffer significant performance reduction or may even become unavailable. Besides, researches on anomaly localization are rare. In order to solve the mentioned problems, this paper presents a robust multivariate probabilistic calibration model for network-wide anomaly detection and localization. It applies the latent variable probability theory with multivariate t-distribution to establish the normal traffic model. Not only does the algorithm implement network anomaly detection by judging whether the sample's Mahalanobis distance exceeds the threshold, but also it locates anomalies by contribution analysis. Both theoretical analysis and experimental results demonstrate its robustness and wider use. The algorithm is applicable when dealing with both data integrity and loss. It also has a stronger resistance over noise interference and lower sensitivity to the change of parameters, all of which indicate its performance stability. © 2015 Yuchong Li et al.


Chen Y.,Northwestern Polytechnical University | Chen Y.,Zhengzhou University | Chen Y.,Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory | Zhou W.,Northwestern Polytechnical University | And 3 more authors.
Tongxin Xuebao/Journal on Communications | Year: 2016

Aiming at the inference performance descending of CLINK algorithm in dynamic routing IP network, a kind of variable structure discrete dynamic Bayesian network model was established. Based on the simple model after introducing assumptions of Markov property and time-homogeneity,a kind of congested link inference algorithm VSDDB was proposed. Successive over relaxation iterative algorithm was introduced to solve the link congested prior probabilities, based on the Bayesian maximum a-posterior criterion,a kind of weighted heuristic greedy algorithm was used to infer the set of congested links.The experimental results have shown that the VSDDB algorithm has better inference performance. © 2016, Editorial Board of Journal on Communications. All right reserved.


Li Y.-C.,National Digital Switching System Engineering Technical Researching Center | Li Y.-C.,Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory | Luo X.-G.,National Digital Switching System Engineering Technical Researching Center | Qian Y.-K.,Air Defence Forces Academy of PLA | Zhao X.,Air Defence Forces Academy of PLA
Tongxin Xuebao/Journal on Communications | Year: 2015

Anomaly detection algorithm based on robust multivariate probabilistic calibration model was proposed. This algorithm established normal status model of traffic flow matrix based on the latent variable probability model of multivariate t-distribution. The algorithm implemented network anomaly detection by comparing Mahalanobis distance between samples and normal status model. Theoretical analysis and experiments demonstrate its robustness and wide application. The algorithm is applicable when dealing with both data integrity and loss. It also has a stronger resistance over noise interference and lower sensitivity on model parameters, all of which indicate its performance stability. © 2015, Editorial Board of Journal on Communications. All right reserved.


Li B.-N.,National Digital Switching System Engineering Technical Researching Center | Li B.-N.,Air Defence Forces Academy of PLA | Yao D.,National Digital Switching System Engineering Technical Researching Center | Qian Y.-K.,Air Defence Forces Academy of PLA
IET Conference Publications | Year: 2013

Although PCA (principal component analysis) based multivariate anomaly detection algorithm can perform detection task, it cannot satisfy the needs of online detection due to the time complexity. To conquer this limitation, a multivariate online anomaly detection algorithm based on incremental PCA (IPCA) was proposed. The algorithm constructed normal model of traffic matrix incrementally and implemented online detection with this model. Analysis with Internet real traffic data and simulation data shows that this algorithm can perform online anomaly detection effectively.


Li B.,National Digital Switching System Engineering Technical Researching Center | Li B.,Air Defence Forces Academy of PLA | Qian Y.,Air Defence Forces Academy of PLA | Luo X.,National Digital Switching System Engineering Technical Researching Center
Nanjing Li Gong Daxue Xuebao/Journal of Nanjing University of Science and Technology | Year: 2015

Aiming at the problems that previous anomaly detection methods either focus on the single link/path, or need sophisticated monitoring techniques based on the traffic matrix, the round-trip time(RTT)matrix model is constructed. The concept RTT matrix subspace is introduced and the analysis method based on the RTT matrix subspace(ARMS for short)is put forward. In order to verify the feasibility of ARMS, the real measurement data from Abilene show that ARMS can satisfy two preconditions for the anomaly detection. Simulation experiments on NS2 show that ARMS can detect the anomaly network more accurately than traditional time series analysis, the detection effect is better when the abnormal traffic augments or is distributed more widely, and it is unrelated with the network topology size. ©, 2015, Nanjing University of Science and Technology. All right reserved.


Li Y.,National Digital Switching System Engineering Technical Researching Center | Li Y.,Air Defence Forces Academy of PLA | Luo X.,National Digital Switching System Engineering Technical Researching Center | Li B.,National Digital Switching System Engineering Technical Researching Center
Proceedings - IEEE Military Communications Conference MILCOM | Year: 2015

Detecting network anomalies means a lot to network security. In respect of detection precision and range, network-wide anomaly detection approaches on the basis of traffic flows have distinctive advantages over the methods of the traditional host computer, single link and single path. However, these approaches face actual problems of performance reduction or being unavailable when noise interference or data loss take place. In order to solve these problems, anomaly detection algorithm based on robust multivariate probabilistic calibration model is proposed. This algorithm establishes a normal traffic model of traffic matrix based on the latent variable probability model of multivariate t-distribution, and implements network anomaly detection by judging if the sample's Mahalanobis distance exceeds the threshold. Both theoretical analysis and experimental results demonstrate its robustness and wider use. The algorithm is applicable when dealing with both data integrity and loss. It also has a stronger resistance over noise interference and lower sensitivity to the change of parameters, all of which indicate its performance stability. © 2015 IEEE.

Loading Air Defence Forces Academy of PLA collaborators
Loading Air Defence Forces Academy of PLA collaborators