计算机科学 ›› 2022, Vol. 49 ›› Issue (6A): 581-587.doi: 10.11896/jsjkx.210400044
曹扬晨, 朱国胜, 孙文和, 吴善超
CAO Yang-chen, ZHU Guo-sheng, SUN Wen-he, WU Shan-chao
摘要: 入侵检测是一种主动防御网络中攻击行为的技术,在网络管理方面起着至关重要的作用,而传统的入侵检测技术无法识别未知攻击,也是长期困扰本领域的难题。针对未知类型的入侵攻击,提出了K-Means与FP-Growth算法相结合的未知攻击识别模型,以实现对未知攻击的规则进行提取。首先,对于多种未知攻击混合的数据,根据样本间的相似性用K-Means进行聚类分析,引入轮廓系数评估聚类的效果,聚类完成之后,同种未知攻击被分到相同的簇中,人工提取未知攻击的特征,对特征数据进行预处理,将连续型特征离散化,然后用FP-Growth算法挖掘未知攻击数据的频繁项集和关联规则,最后对其进行分析,得出该未知攻击的规则,用规则对该类型的未知攻击进行检测,结果表明,所提模型的准确率可达98.74%,优于其他相关模型。
中图分类号:
[1] WANG S.Research of intrusion detection based on an improved K-means algorithm[C]//2011 Second International Conference on Innovations in Bio-inspired Computing and Applications.IEEE,2011:274-276. [2] CHEN Y,ZHANG M J,XU F J.HTTP slow DoS attack detection method based on one-dimensional convolutional neural network[J].Journal of Computer Applications,2020,40(10):2973-2979. [3] ZHANG Z,LIU Q,QIU S,et al.Unknown Attack DetectionBased on Zero-Shot Learning[J].IEEE Access,2020,8:193981-193991. [4] ZHENG M X.Research on Intrusion Detection and Defense of Campus Network Based on Clustering[D].Hangzhou:Zhejiang University,2020. [5] LI E Y.Research on Intrusion Detection System Based on Classic Clustering Algorithm and Association Algorithm[D].Chongqing:Chongqing University of Posts and Telecommunications,2020. [6] ZHAO S.Research on Intrusion Detection System Based onCluster Analysis and Association Rules[D].Tangshan:North China University of Technology,2019. [7] SAIED A,OVERILL R E,RADZIK T.Detection of known and unknown DDoS attacks using Artificial Neural Networks[J].Neurocomputing,2016,172(C):385-393. [8] CASAS P,MAZEL J,OWEZARSKI P.Unsupervised network intrusion detection systems:Detecting the unknown without knowledge[J].Computer Communications,2012,35(7):772-783. [9] LOBATO A G P,LOPEZ M A,SANZ I J,et al.An adaptivereal-time architecture for zero-day threat detection[C]//2018 IEEE International Conference on Communications(ICC).IEEE,2018:1-6. |
[1] | 王馨彤, 王璇, 孙知信. 基于多尺度记忆残差网络的网络流量异常检测模型 Network Traffic Anomaly Detection Method Based on Multi-scale Memory Residual Network 计算机科学, 2022, 49(8): 314-322. https://doi.org/10.11896/jsjkx.220200011 |
[2] | 陈圆圆, 王志海. 基于聚类分区的多维数据流概念漂移检测方法 Concept Drift Detection Method for Multidimensional Data Stream Based on Clustering Partition 计算机科学, 2022, 49(7): 25-30. https://doi.org/10.11896/jsjkx.210600155 |
[3] | 周志豪, 陈磊, 伍翔, 丘东亮, 梁广升, 曾凡巧. 基于SMOTE-SDSAE-SVM的车载CAN总线入侵检测算法 SMOTE-SDSAE-SVM Based Vehicle CAN Bus Intrusion Detection Algorithm 计算机科学, 2022, 49(6A): 562-570. https://doi.org/10.11896/jsjkx.210700106 |
[4] | 魏辉, 陈泽茂, 张立强. 一种基于顺序和频率模式的系统调用轨迹异常检测框架 Anomaly Detection Framework of System Call Trace Based on Sequence and Frequency Patterns 计算机科学, 2022, 49(6): 350-355. https://doi.org/10.11896/jsjkx.210500031 |
[5] | 杨旭华, 王磊, 叶蕾, 张端, 周艳波, 龙海霞. 基于节点相似性和网络嵌入的复杂网络社区发现算法 Complex Network Community Detection Algorithm Based on Node Similarity and Network Embedding 计算机科学, 2022, 49(3): 121-128. https://doi.org/10.11896/jsjkx.210200009 |
[6] | 孔钰婷, 谭富祥, 赵鑫, 张正航, 白璐, 钱育蓉. 基于差分隐私的K-means算法优化研究综述 Review of K-means Algorithm Optimization Based on Differential Privacy 计算机科学, 2022, 49(2): 162-173. https://doi.org/10.11896/jsjkx.201200008 |
[7] | 张师鹏, 李永忠. 基于降噪自编码器和三支决策的入侵检测方法 Intrusion Detection Method Based on Denoising Autoencoder and Three-way Decisions 计算机科学, 2021, 48(9): 345-351. https://doi.org/10.11896/jsjkx.200500059 |
[8] | 白勇, 张占龙, 熊隽迪. 基于FP-Growth算法和GRNN的电力知识文本挖掘 Power Knowledge Text Mining Based on FP-Growth Algorithm and GRNN 计算机科学, 2021, 48(8): 86-90. https://doi.org/10.11896/jsjkx.210600031 |
[9] | 李贝贝, 宋佳芮, 杜卿芸, 何俊江. DRL-IDS:基于深度强化学习的工业物联网入侵检测系统 DRL-IDS:Deep Reinforcement Learning Based Intrusion Detection System for Industrial Internet of Things 计算机科学, 2021, 48(7): 47-54. https://doi.org/10.11896/jsjkx.210400021 |
[10] | 程希, 曹晓梅. 基于信息携带的SQL注入攻击检测方法 SQL Injection Attack Detection Method Based on Information Carrying 计算机科学, 2021, 48(7): 70-76. https://doi.org/10.11896/jsjkx.200600010 |
[11] | 俞建业, 戚湧, 王宝茁. 基于Spark的车联网分布式组合深度学习入侵检测方法 Distributed Combination Deep Learning Intrusion Detection Method for Internet of Vehicles Based on Spark 计算机科学, 2021, 48(6A): 518-523. https://doi.org/10.11896/jsjkx.200700129 |
[12] | 曹扬晨, 朱国胜, 祁小云, 邹洁. 基于随机森林的入侵检测分类研究 Research on Intrusion Detection Classification Based on Random Forest 计算机科学, 2021, 48(6A): 459-463. https://doi.org/10.11896/jsjkx.200600161 |
[13] | 徐慧慧, 晏华. 基于相对危险度的儿童先心病风险因素分析算法 Relative Risk Degree Based Risk Factor Analysis Algorithm for Congenital Heart Disease in Children 计算机科学, 2021, 48(6): 210-214. https://doi.org/10.11896/jsjkx.200500082 |
[14] | 贾琳, 杨超, 宋玲玲, 程镇, 李琲珺. 改进的否定选择算法及其在入侵检测中的应用 Improved Negative Selection Algorithm and Its Application in Intrusion Detection 计算机科学, 2021, 48(6): 324-331. https://doi.org/10.11896/jsjkx.200400033 |
[15] | 王颖颖, 常俊, 武浩, 周详, 彭予. 基于WiFi-CSI的入侵检测方法 Intrusion Detection Method Based on WiFi-CSI 计算机科学, 2021, 48(6): 343-348. https://doi.org/10.11896/jsjkx.200700006 |
|