Computer Science, 2022, Vol. 49, Issue (6A): 581-587. doi: 10.11896/jsjkx.210400044

• Information Security •

Study on Key Technologies of Unknown Network Attack Identification

CAO Yang-chen, ZHU Guo-sheng, SUN Wen-he, WU Shan-chao

  1. School of Computer and Information Engineering, Hubei University, Wuhan 430062, China
  • Online: 2022-06-10  Published: 2022-06-08
  • Corresponding author: ZHU Guo-sheng (zhuguosheng@hubu.edu.cn)
  • About author: CAO Yang-chen (943407866@qq.com), born in 1996, postgraduate. Her main research interests include machine learning and network traffic analysis.
    ZHU Guo-sheng, born in 1972, Ph.D, professor. His main research interests include next-generation Internet and software-defined networks.
  • Supported by: CERNET Next-Generation Internet Technology Innovation Project, Campus Regional Public Opinion Mining and Monitoring System Based on Network Traffic Reconstruction (NGII20170210).

Abstract: Intrusion detection is a technology that proactively defends against attacks in a network and plays a vital role in network management. Traditional intrusion detection technology cannot identify unknown attacks, a problem that has plagued this field for a long time. Aiming at unknown types of intrusion attacks, an unknown attack identification model combining the K-Means and FP-Growth algorithms is proposed in order to extract rules for unknown attacks. First, for data in which multiple unknown attacks are mixed, cluster analysis is performed with K-Means according to the similarity between samples, and the silhouette coefficient is introduced to evaluate the clustering result. After clustering, samples of the same unknown attack fall into the same cluster; the features of the unknown attack are extracted manually, the feature data is preprocessed and continuous features are discretized, and then the frequent itemsets and association rules of the unknown attack data are mined with the FP-Growth algorithm. Finally, these are analysed to derive the rules of the unknown attack, and the rules are used to detect that type of unknown attack. The results show that the accuracy of the proposed model reaches 98.74%, which is higher than that of other related models.

Key words: K-Means, Association rules, FP-Growth, Intrusion detection, Unknown attack

CLC number: TP181
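The rule-extraction and detection stages of the pipeline described in the abstract (discretize the continuous features of one cluster, mine frequent itemsets and association rules with FP-Growth, then match new flows against the mined rules), as an added Python example that is not the paper's code: the K-Means/silhouette clustering step is assumed to have already produced the cluster, and the flow records, field names and bin thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample: flow records that K-Means placed in one cluster, and bin thresholds (hypothetical).
FIELDS = ("proto", "flag", "pkts", "bytes")
CLUSTER = [dict(zip(FIELDS, r)) for r in [("tcp", "S", 150, 60), ("tcp", "S", 120, 48), ("tcp", "S", 300, 90),
                                          ("tcp", "S", 80, 40), ("tcp", "S", 200, 70), ("udp", "-", 5, 4000)]]
BINS = {"pkts": [10, 100], "bytes": [500, 5000]}

def discretize(rec, bins):
    """Map a record to items; continuous fields become a bin index (0 = below the first threshold)."""
    return {f"{k}={sum(v > t for t in bins[k]) if k in bins else v}" for k, v in rec.items()}

def fp_growth(transactions, min_sup):
    """Recursive FP-Growth over item sets; returns {frozenset(items): support count}."""
    counts = Counter(i for t in transactions for i in t)
    freq = {i for i, c in counts.items() if c >= min_sup}
    root, header = [None, 0, None, {}], defaultdict(list)  # node = [item, count, parent, children]
    for t in transactions:  # insert each transaction as a prefix path, most frequent items first
        node = root
        for i in sorted((i for i in t if i in freq), key=lambda i: (-counts[i], i)):
            if i not in node[3]:
                node[3][i] = [i, 0, node, {}]
                header[i].append(node[3][i])
            node = node[3][i]
            node[1] += 1
    found = {}
    for item in sorted(freq, key=lambda i: (counts[i], i)):  # least frequent first
        found[frozenset([item])] = counts[item]
        base = []  # conditional pattern base: the prefix path of every node holding `item`
        for node in header[item]:
            path, p = set(), node[2]
            while p[0] is not None:
                path.add(p[0]); p = p[2]
            base.extend([path] * node[1])
        for s, c in fp_growth(base, min_sup).items():
            found[s | {item}] = c
    return found

def association_rules(itemsets, min_conf):
    """Every antecedent -> consequent split of each frequent itemset with confidence >= min_conf."""
    return [(a, s - a, sup / itemsets[a]) for s, sup in itemsets.items()
            for k in range(1, len(s)) for a in map(frozenset, combinations(sorted(s), k))
            if sup / itemsets[a] >= min_conf]

def matches(rec, rules, bins):
    """Flag a record when it satisfies every item of some mined rule (antecedent and consequent)."""
    items = discretize(rec, bins)
    return any(a | c <= items for a, c, _ in rules)
```

With `min_sup=4` and `min_conf=0.9` the sample cluster yields 15 frequent itemsets and 31 rules; in practice the short rules are pruned so that only the longer, high-confidence ones are deployed as detection signatures.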