计算机科学 ›› 2015, Vol. 42 ›› Issue (1): 142-143.doi: 10.11896/j.issn.1002-137X.2015.01.033
陈利,张利,班晓芳,梁杰
CHEN Li, ZHANG Li, BAN Xiao-fang and LIANG Jie
摘要: 传统协议分析方法在检测网络加密会话时大都通过端口识别,在加密应用使用非常规端口或者在周知明文端口出现加密流量时无法进行有效的检测。为此,提出基于信息熵的加密会话检测方法。该方法先对数据流按端口进行会话重组,再计算会话数据包字符熵,进而统计出整个会话字符熵,判断熵值是否属于训练模型正态分布置信区间,通过信息分布均匀度来检测加密会话。实验表明,该方法无需特征指纹库,且检测准确率高,并能实现实时检测和处理。
| [1] Lakhina A,Crovella M,Diot C.Characterization of Network-wide Anomalies in Traffic Flows[R].Technical Report:BUCS-20040020.Boston University,2004 [2] 高建明,龚亮亮,吕涛.基于信息熵的目标平台识别方法[J].计算机应用与软件,2013,30(9):171-184 [3] Kargupta H,Park B,Hershberger D,et al.Collective data mining:a new perspective toward distributed data mining[C]∥Proceedings of Advances in Distributed and Parallel Knowledge Discovery.[S.1.]:AAAAI/ MIT Press,2000:128-175 [4] Sommer R,Paxson V.Outside the closed world:On using machine learing for network intrusion detection[C]∥Proc.of 2010 IEEE Symposium on Secutiry and Privacy.2010:302-355 [5] 李文忠,左万利,赫枫龄.一种基于信息熵的多维流数据噪声检测算法[J].计算机科学,2012,39(2):123-144 [6] 王海龙,杨岳湘.基于信息熵的大规模网络流量异常检测[J].计算机工程,2007,33 (18):262-264 [7] Nehinbe J O.Automated technique for debugging network intrusion detection systems[C]∥IEEE 2010 International Confe-rence on Intelligent Systems,Modelling and Simulation (ISMS).Liverpool,2010:363-367 [8] 吴小叶,肖继民.基于信息熵的网络异常流量的研究[J].广东通信技术,2008(4):32-34 [9] Kim D S,Nguyen H N,Park J S.Genetic algorithm to improve SVM based network intrusion detection system[C]∥Proc.of the 19th International Conference on Advanced Information Networking and Applications.2005:150-164 [10] 丁世飞,朱红,许新征,等.基于熵的模糊信息测度研究[J].计算机学报,2012,30(8):139-151 |
| No related articles found! |
|
||
首页