Air Defence Forces Command Academy of PLA

Zhengzhou, China


Qian Y.-K.,PLA University of Science and Technology | Qian Y.-K.,Air Defence Forces Command Academy of PLA | Chen M.,PLA University of Science and Technology
Tien Tzu Hsueh Pao/Acta Electronica Sinica | Year: 2011

Network traffic anomaly detection is crucial to guaranteeing stable and effective network operation. Although the PCA-based network-wide anomaly detector plays an important role, it cannot detect anomalous network traffic effectively in the face of poison attacks. To address poison attacks aimed at the PCA-based anomaly detector, poison attack strategies are investigated and classified, two metrics for quantifying poison traffic are proposed, and three novel poison attack strategies are put forward. A robust PCA-based anomaly detection algorithm (RPCA for short) is proposed to resist poison attacks. Simulation experiment results show that the RPCA algorithm still performs very well in the face of poison attacks, clearly outperforming the PCA-based anomaly detector, and that its running time can satisfy the needs of practical network anomaly detection.


Qian Y.-K.,PLA University of Science and Technology | Qian Y.-K.,Air Defence Forces Command Academy of PLA | Chen M.,PLA University of Science and Technology | Hao Q.,Air Defence Forces Command Academy of PLA | And 2 more authors.
Tongxin Xuebao/Journal on Communications | Year: 2011

A method for detecting and classifying traffic anomalies online (ODC for short) from a network-wide perspective was put forward. The method incrementally constructed a traffic matrix using traffic feature entropy as the metric, detected traffic anomalies online using incremental principal component analysis, and then classified the anomalies online using incremental k-means, which helps network operators take corresponding countermeasures. Theoretical and experimental analysis shows that the method has lower storage and computing time complexity, which can satisfy the requirements of real-time processing. Analysis based on both measurement data from Abilene and simulation experiments demonstrates that the method has very good detection and classification performance.


Qian Y.-K.,PLA University of Science and Technology | Qian Y.-K.,Air Defence Forces Command Academy of PLA | Chen M.,PLA University of Science and Technology
Tongxin Xuebao/Journal on Communications | Year: 2011

Network anomaly detection is critical to guaranteeing stable and effective network operation. Although the PCA-based network-wide anomaly detection algorithm has good detection performance, it cannot satisfy the demands of online detection. To solve this problem, a traffic matrix model was introduced, and a normality model of traffic was then constructed using SVR and the sparsification of support vector solutions. Based on these, a multivariate online anomaly detection algorithm based on SVR, named MOADA-SVR, was proposed. Theoretical analysis showed that MOADA-SVR had lower storage and computing overhead than PCA. Analysis of traffic matrix datasets from the Internet showed that MOADA-SVR also had good detection performance, approximating that of PCA.


Qian Y.-K.,PLA University of Science and Technology | Qian Y.-K.,Air Defence Forces Command Academy of PLA | Chen M.,PLA University of Science and Technology
Dianzi Yu Xinxi Xuebao/Journal of Electronics and Information Technology | Year: 2010

Traffic matrices are now widely applied to anomaly detection, traffic forecasting and traffic engineering, but existing research has found only the linear structure of the traffic matrix. To search for the nonlinear structure of the traffic matrix, a traffic matrix model is constructed and traffic matrix datasets are collected from the real Internet backbone Abilene. Applying classical manifold learning algorithms to the measurement data from Abilene shows that these high-dimensional traffic matrix datasets (81 or 121 dimensions) have an intrinsic dimensionality of 5 and exhibit various kinds of manifold structures in the low-dimensional embedding space, influenced by sampling density and noise data.


Qian Y.-K.,PLA University of Science and Technology | Qian Y.-K.,Air Defence Forces Command Academy of PLA | Chen M.,PLA University of Science and Technology
Dianzi Yu Xinxi Xuebao/Journal of Electronics and Information Technology | Year: 2010

Network anomaly detection is critical to guaranteeing stable and effective network operation. Although the PCA-based network-wide anomaly detection algorithm has good detection performance, it cannot satisfy the demands of online detection. To solve this problem, a traffic matrix model is introduced and a Multivariate Online Anomaly Detection Algorithm based on Singular Value Decomposition Updating, named MOADA-SVDU, is proposed. The algorithm constructs the normal subspace and the abnormal subspace incrementally and implements online detection of network traffic anomalies. Theoretical analysis shows that MOADA-SVDU has lower storage and computing overhead than PCA. Analyses of traffic matrix datasets from the Internet and simulation experiments show that the MOADA-SVDU algorithm not only achieves online detection of network anomalies but also has very good detection performance.
