Received: January 04, 2022. Revised: January 29, 2022.
Abstract: Unknown malicious network traffic detection is one of the core problems that anomaly detection still has to solve. Traffic data captured from high-speed network streams are often imbalanced and variable. Although many studies address feature processing and detection methods for unknown malicious network traffic, these methods fall short in handling data imbalance and variability at the same time while maintaining detection performance. Addressing these difficulties, this study proposes an unknown malicious traffic detection model based on integrated (ensemble) SVM and Bagging. First, to counter the imbalance of network traffic data, a traffic processing method based on Multi-SMOTE oversampling is proposed to improve the quality of the features produced by traffic processing. Second, to handle the diverse distribution of network traffic data, an unknown traffic screening method based on semi-supervised spectral clustering is proposed to separate unknown traffic from mixed traffic with diverse distributions. Finally, following the Bagging idea, an integrated SVM detector for unknown malicious traffic is trained. Experimental results show that the proposed model outperforms current comparable unknown malicious traffic detection methods on the comprehensive evaluation metric (F1 score) and also generalizes well across different data sets.
Keywords: unknown malicious traffic detection; Multi-SMOTE oversampling; semi-supervised spectral clustering; ensemble learning; Bagging; support vector machine (SVM)
Funding: National Natural Science Foundation of China (61672490)
Citation:
赵静, 李俊, 龙春, 杜冠瑶, 万巍, 魏金侠. 基于集成SVM和Bagging的未知恶意流量检测. 计算机系统应用, 2022, 31(10): 51-59
ZHAO Jing, LI Jun, LONG Chun, DU Guan-Yao, WAN Wei, WEI Jin-Xia. Unknown Malicious Traffic Detection Based on Integrated SVM and Bagging. COMPUTER SYSTEMS APPLICATIONS, 2022, 31(10): 51-59