基于集成SVM和Bagging的未知恶意流量检测
CSTR:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

国家自然科学基金(61672490)


Unknown Malicious Traffic Detection Based on Integrated SVM and Bagging
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    未知恶意网络流量检测是异常检测领域亟待解决的核心问题之一. 从高速网络数据流中获取的流量数据往往具有不平衡性和多变性. 虽然在恶意网络流量异常检测特征处理和检测方法方面已存在诸多研究, 但这些方法在同时解决数据不平衡性和多变性以及模型检测性能方面仍存在不足. 因此, 本文针对未知恶意网络流量检测目前存在的困难, 提出了一种基于集成SVM和Bagging的未知恶意流量检测模型. 首先, 针对网络流量数据的不平衡性, 提出一种基于Multi-SMOTE过采样的流量处理方法, 以提高流量处理后的特征质量; 第二, 针对网络流量数据分布的多样性, 提出一种基于半监督谱聚类的未知流量筛选方法, 以实现从具有多样分布的混合流量中筛选出未知流量; 最后, 基于Bagging思想, 训练了集成SVM未知恶意流量检测器. 实验结果表明, 本文所提出的基于集成SVM与Bagging的未知流量攻击类型检测模型在综合评价(F1分值)上优于目前同类未知恶意流量检测方法, 同时在不同数据集上具有较好的泛化能力.

    Abstract:

    Unknown malicious network traffic detection is one of the core problems to be solved in anomaly detection as the traffic data obtained from high-speed network data flow are often unbalanced and changeable. Although there have been many studies on feature processing and detection methods of unknown malicious network traffic detection, these methods have shortcomings in simultaneously solving data imbalance and variability as well as detection performance. Considering the difficulty in unknown malicious network traffic detection, this study proposes an unknown malicious traffic detection model based on integrated SVM and bagging. Firstly, in view of the imbalance of network traffic data, a traffic processing method based on Multi-SMOTE oversampling is put forward to improve the feature quality upon traffic processing. Secondly, considering the distribution diversity of network traffic data, an unknown traffic screening method based on semi-supervised spectral clustering is presented to screen unknown traffic from mixed traffic with a diverse distribution. Finally, with the idea of Bagging, an unknown malicious traffic detector based on integrated SVM is trained. The experimental results reveal that the proposed detection model is superior to the current similar methods in comprehensive evaluation (F1 value), and it also has good generalization ability on different data sets.

    参考文献
    相似文献
    引证文献
引用本文

赵静,李俊,龙春,杜冠瑶,万巍,魏金侠.基于集成SVM和Bagging的未知恶意流量检测.计算机系统应用,2022,31(10):51-59

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2022-01-04
  • 最后修改日期:2022-01-29
  • 录用日期:
  • 在线发布日期: 2022-06-24
  • 出版日期:
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京海淀区中关村南四街4号 中科院软件园区 7号楼305房间,邮政编码:100190
电话:010-62661041 传真: Email:csa (a) iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号