DNS Traffic Anomaly Detection Based on the W-Kmeans Algorithm
林成虎;李晓东;金键;尉迟学彪;吴军
【Journal】Computer Engineering and Design (《计算机工程与设计》) 【Year (Volume), Issue】2013(034)006
【Abstract】To detect DNS queries effectively and identify DNS traffic anomalies in time, a weighted K-means algorithm (W-Kmeans) suited to detecting DNS traffic anomalies is proposed. Useful information is mined from the raw query log of the .CN top-level domain for May 19, 2009. Several vector features are extracted from the raw data, and different weights are assigned to different features. The query log is then clustered with the W-Kmeans algorithm, and the effect of different parameter choices is analyzed. The DNS query detection results for the May 19 (5.19) incident show that the W-Kmeans algorithm can effectively detect DNS traffic anomalies. 【Total pages】5 (pp. 2104-2108)
【Keywords】Domain Name System; weighted K-means; clustering detection; anomaly detection; traffic anomaly detection