中文摘要：

根据网络流量的统计特征提出一种慢速端口扫描行为检测算法，以主机数和端口数的比值及被访问主机端口集合之间的相似度为基础，采用非参数累积和CUSUM算法及小波变换方法对流量统计特征进行分析，进而判断是否存在端口扫描行为。实验结果表明，所提取的网络流量特征及算法可以有效地检测异常行为，该方法和Snort相比较具有低的漏报率和误报率。

英文摘要：

A slowly port scan detect method was presented based on the statistical traffic features. Two statistical features： the ratio between the number of hosts and ports a host communicates and similarities of the ports set, were selected to denote the traffic features. The CUSUM and wavelet transform methods were employed to analyze the features and detect the slowly port scan behaviors. The experimental results show that the methods proposed detect port scan behaviors efficiently and correctly, it has low false negative and false positive alarm rate compared with the Snort,