基于流量数量的网络态势感知方法

doi:10.3969/j.issn.1006-2475.2025.06.009

摘要/Abstract

摘要： 摘要：网络状态的变化会严重影响基础设施的正常运行，并造成巨大的经济损失。现有的研究通过观察网络流量的变化来感知网络状态的变化。然而，由于缺乏量化指标，这些网络态势感知方法存在误报率较高、准确性较低等问题。为了解决这些问题，本文提出一种新的基于流量数量的网络态势感知方法来解决这些挑战。具体来说，基于公开数据集获取到的检测区域流量信息，首先，提出一种基于威尔逊分数的流量临界值确定算法，计算得到每条链路对应的流量临界值。然后，提出一种网络状态感知方案，通过监测检测区域内任意一条链路的流量数量是否低于本文给出的流量临界值并持续11 min来感知网络状态的变化。最后，本文使用来自公共测量基础设施（RIPE Atlas）的数据进行实验，以评估方法的性能。实验结果表明，本文方法可以有效地感知网络状态的变化。

关键词: 关键词：网络态势感知, 网络流量, 威尔逊分数, 临界值

Abstract: Abstract: Network anomalies can seriously influence the normal operation of infrastructure and cause huge financial losses. Existing studies perceived the changes of network state by observing the changes of network traffic. However， due to the lack of quantitative indicators， these cyberspace situational awareness methods have the problems of high false positive rate and low accuracy. This paper proposes a new cyberspace situational awareness method to address these challenges. Specifically， we use the public data set to obtain the traffic information of the links in the detection area. Firstly， a traffic critical value determination algorithm based on Wilson score is proposed to calculate the corresponding traffic threshold of each link. Secondly， a network state awareness scheme is proposed， which perceives the change of network state by monitoring whether the traffic volume of any link in the detection area is lower than the critical value and lasts for 11 minutes. Finally， this paper perform experiments with data from public measurement infrastructures （RIPE Atlas） to evaluate the performance of our approach， and the results show that our approach can effectively perceive the changes of network state.

Key words: Key words: cyberspace situational awareness, network traffic, Wilson score, critical value

中图分类号:

TP393

邝野1, 周末2, 刘策越1. 基于流量数量的网络态势感知方法[J]. 计算机与现代化, 2025, 0(06): 56-60.

KUANG Ye1, ZHOU Mo2, LIU Ceyue1. Cyberspace Situational Awareness Method Based on Traffic Volume[J]. Computer and Modernization, 2025, 0(06): 56-60.

参考文献

［1］孔珍，孔硕. 网络安全态势感知关键技术研究［J］. 中国信息化， 2022，11（4）:60-62.
［2］陈华山，皮兰，刘峰，等. 网络空间安全科学基础的研究前沿及发展趋势［J］. 信息网络安全， 2015，15（3）:1-5.
［3］李留英. 基于大数据的网络空间安全战略的构建［J］. 数字图书馆论坛， 2014，32（2）:16-19.
［4］申志伟，辛叶舟. 基于新技术的网络空间安全架构分析［J］. 互联网天地， 2015，12（10）:20-23.
［5］ KISANGA P， WOUNGANG I. Network anomaly detection using a graph neural network［C］// 2023 International Conference on Computing， Networking and Communications. IEEE， 2023:61-65.
［6］李程雄. 网络安全态势感知系统关键技术研究［J］. 电子技术与软件工程， 2022，45（23）:231-233.
［7］ ROY B， ACHARYA I， PAPALKAR D， et al. Top-performing unifying architecture for network intrusion detection in SDN using fully convolutional network［C］// 2023 5th International Conference on Inventive Research in Computing Applications. IEEE， 2023:1340-1344.
［8］ LEE B S， KIM J W， CHOI M J. Federated learning based network intrusion detection model［C］// 2023 24st Asia-Pacific Network Operations and Management Symposium. IEEE， 2023:330-333.
［9］ GUMMADI A N， NAPIER J C， ABDALLAH M. XAI-IoT: An explainable AI framework for enhancing anomaly detection in IoT systems［J］. IEEE Access. 2024，20（24）:1-2.
［10］ NAKIP M， GELENBE E. Online self-supervised deep learning for intrusion detection systems［J］. IEEE Transactions on Information Forensics and Security， 2024.109（21）:160-174.
［11］ MARKOPOULOU A， IANNACCONE G， BHATTACHARY
YA S， et al. Characterization of failures in an operational IP backbone network［J］. IEEE/ACM Transactions on Networking， 2008，16（4）:749-762.
［12］ RUSSELL P， ELSAYED M A， NANDY B， et al. On the fence: Anomaly detection in IoT networks［C］// NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium. IEEE， 2023:1-4.
［13］ KUANG Y， LI D， HUANG X. KL‐Dection: An approach to detect network outages based on key links［J］. Wireless Communications and Mobile Computing， 2022，20（22）:1-11.
［14］ KUANG Y， LI D D， HUANG X H， et al. On the modeling of RTT time series for network anomaly detection［J］. Security and Communication Networks， 2022，20（22）:1-12.
［15］ HEIDEMANN J， QUAN L， PRADKIN Y. A preliminary analysis of network outages during hurricane sandy［C］// In Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2012:211–221.
［16］ DAINOTTI A， SQUARCELLA C， ABEN E， et al. Analysis of country-wide internet outages caused by censorship［J］. IEEE/ACM Transactions on Networking， 2014，22（6）:1964-1977.
［17］ QUAN L， HEIDEMANN J， PRADKIN Y. Trinocular: Understanding internet reliability through adaptive probing ［C］// In Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2013:255-266.
［18］ PADMANABHAN R， SCHULMAN A， LEVIN D， et al. Residential links under the weather ［C］// In Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2019:145-158.
［19］ SUNDARESAN S， DENG X H， FENG Y， et al. Challenges in inferring internet congestion using throughput measurements［C］// Proceedings of the 2017 Internet Measurement Conference. ACM， 2017:43-56.
［20］ DI BARTOLOMEO M， DI DONATO V， PIZZONIA M， et al. Extracting routing events from traceroutes: A matter of empathy［J］. IEEE/ACM Transactions on Networking， 2019，27（3）:1000-1012.
［21］ FONTUGNE R， PELSSER C， ABEN E， et al. Pinpointing delay and forwarding anomalies using large-scale traceroute measurements［C］// Proceedings of the 2017 Internet Measurement Conference. ACM， 2017: 15-28.
［22］ MARCHETTA P， PESCAPÉ A. DRAGO: Detecting， quantifying and locating hidden routers in traceroute IP paths［C］// 2013 IEEE Conference on Computer Communications. IEEE， 2013:3237-3242.
［23］ MARCHETTA P， DE DONATO W， PESCAPÉ A. Detecting third-party addresses in traceroute traces with IP timestamp option［C］// International Conference on Passive and Active Network Measurement. Springer， 2013:21-30.
［24］ RipeAltas［EB/OL］.（2006-03-01）［2024-07-20］. https://data-store.ripe.net/datasets/atlas-daily-dumps/
［25］ PADMANABHAN R， SCHULMAN A， LEVIN D， et al. Residential links under the weather［C］// Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2019:145-158.
［26］ JIANG H， DOVROLIS C. Passive estimation of TCP round-trip times［J］. ACM SIGCOMM Computer Communication Review， 2002，32（3）:75-88.
［27］ FONTUGNE R， PELSSER C， ABEN E， et al. Pinpointing delay and forwarding anomalies using large-scale traceroute measurements［C］// Proceedings of the Internet Measurement Conference. ACM， 2017:15-28.
［28］ MANSFIELD-DEVINE S. DDoS goes mainstream: How headline-grabbing attacks could make this threat an organisation's biggest nightmare［J］. Network Security， 2016， 2016（11）:7-13.

[1]	梁运德, 陈守明, 卢妍倩, 李雪武, 余顺怀 . 基于包络特征的IDC网络自适应流量调控方法[J]. 计算机与现代化, 2021, 0(03): 7-11.
[2]	郝怡然, 盛益强, 王劲林, . 基于t-SNE降维预处理的网络流量异常检测[J]. 计算机与现代化, 2021, 0(02): 109-116.
[3]	高佰宏1,刘朝晖1,刘华2. 基于SCSO-GRU模型的网络流量预测[J]. 计算机与现代化, 2020, 0(04): 72-.
[4]	曹作伟1,2,陈晓1,倪宏1 . 面向网络流量的缓存替换算法比较与分析[J]. 计算机与现代化, 2019, 0(08): 50-.
[5]	宋紫华1,2,郭春1,2,蒋朝惠1,2. 一种基于网络流量分析的快速木马检测方法[J]. 计算机与现代化, 2019, 0(06): 9-.
[6]	马佳艳，王萍，夏伟，申红伟. 复杂网络下的网络流量预测和预警研究[J]. 计算机与现代化, 2018, 0(01): 102-106.
[7]	陈景柱. 布谷鸟优化混合核相关向量机的网络流量预测[J]. 计算机与现代化, 2015, 0(5): 94-97.