20 similar documents found, search time 0 ms
1.
To address the problem of detecting malicious HTTP traffic, a preprocessing method based on a cutting mechanism and statistical association was proposed to correlate statistical information and normalize the traffic. A hybrid neural network combining raw data with empirical feature engineering was then proposed; it uses a convolutional neural network (CNN) to process the text and a multilayer perceptron (MLP) to process the statistical information. The model improved significantly on traditional machine learning algorithms such as SVM, reaching an F1 value of 99.38% with lower time complexity. A data set of more than 450,000 malicious and more than 20 million non-malicious traffic samples was also created. In addition, a prototype system built on the model was designed, achieving a detection precision of 98.1% to 99.99% and a recall of 97.2% to 99.5%, and it performed well in a real network environment.
2.
To address the problems that existing network traffic anomaly detection methods need large training sets and generalize poorly, an intelligent method for detecting malicious network traffic based on sample enhancement was proposed. Key words are extracted from the training set and the training samples are enhanced with a key-word-avoidance strategy, which improves the method's ability to extract text features from the training set. Experimental results show that the accuracy of the network traffic anomaly detection model, both on its own data set and across data sets, can be significantly improved with a small training set. Compared with other methods, the proposed method reduces computational complexity and achieves better detection ability.
3.
4.
5.
6.
With the rapid development of computer technology and its applications, more and more information systems are being deployed in people's daily lives, and the spread of IPv6 has at the same time driven explosive growth in the number of IoT devices. Attacks against these information systems and IoT devices emerge constantly and already seriously threaten their secure operation, so security detection of malicious traffic plays a critical role in network security. This paper proposes a malicious traffic detection algorithm based on multi-grained scanning and a BP neural network. Calculation and simulation on experimental data show that the algorithm achieves good accuracy, demonstrating its effectiveness.
7.
8.
9.
10.
To protect web pages from having malicious code embedded in them, a malicious code detection system based on classified detection of web page file code was proposed, and the software was designed and developed. The system is built with J2EE; it scans web page files by code category and handles each category according to its scan result. Practical application shows that the classified detection technique identifies many kinds of malicious code with a high detection rate and a low false positive rate, meeting the design requirements.
11.
Because a single classification method performs poorly on small-sample network flows when training samples are scarce, traffic is classified with the Adaptive Boosting (AdaBoost) algorithm. The algorithm first uses Correlation-based Feature Selection (CFS) to extract a small number of effective classification features from a large set of network flow features; on that basis, AdaBoost combines five single classifiers, including decision trees, association rules and Bayesian classifiers, to classify the traffic. Tests on real network traffic data show that the AdaBoost-based combined classifier has the highest accuracy of the algorithms selected, above 98%, and that compared with a single classification algorithm the combined method markedly improves the classification of small-sample network flows.
12.
Aiming at the problem that information harmful to the network environment is transmitted through mirror websites in order to bypass detection, an identification method for malicious mirror websites in high-speed network traffic was proposed. First, fragmented data is extracted from the traffic and the web page source code is restored. A standardization module is then applied to improve accuracy. Next, the page source code is divided into blocks and the hash of each block is computed with the simhash algorithm, giving the simhash value of the page source; the similarity between page sources is computed from the Hamming distance. A snapshot of the page is then taken, SIFT feature points are extracted, and a perceptual hash value is obtained by clustering analysis and mapping. Finally, page similarity is computed from the perceptual hash values. Experiments on real traffic show an accuracy of 93.42%, a recall of 90.20%, an F value of 0.92 and a processing delay of 20 μs. With the proposed method, malicious mirror websites can be effectively detected in a high-speed network traffic environment.
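The text half of the pipeline above (normalize the restored source, split it into blocks, simhash each block, compare by Hamming distance) is easy to reproduce. The following is an added example, not code from the paper: it assumes four contiguous token blocks, word 3-grams as simhash features, MD5 truncated to 64 bits as the feature hash, and a 0.8 similarity threshold; the block count, feature choice and threshold are the paper's to tune, and the SIFT/perceptual-hash image half is not covered. The three page sources are constructed for the example.

```python
"""Block-wise simhash similarity between web page sources (added example)."""
import hashlib
import re

HASH_BITS = 64


def normalize(source):
    """Standardisation step: drop HTML comments, collapse whitespace, lowercase."""
    source = re.sub(r"<!--.*?-->", " ", source, flags=re.S)
    return re.sub(r"\s+", " ", source).strip().lower()


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text)


def shingles(tokens, k=3):
    """Word k-grams, so one changed token perturbs k features rather than one."""
    if len(tokens) < k:
        return [" ".join(tokens)] if tokens else []
    return [" ".join(tokens[i:i + k]) for i in range(len(tokens) - k + 1)]


def simhash(features):
    """Charikar simhash: per-bit vote over feature hashes; the sign of each vote is the fingerprint bit."""
    votes = [0] * HASH_BITS
    for feat in features:
        # Assumption: MD5 truncated to 64 bits is used as the feature hash.
        h = int.from_bytes(hashlib.md5(feat.encode("utf-8")).digest()[:8], "big")
        for bit in range(HASH_BITS):
            votes[bit] += 1 if (h >> bit) & 1 else -1
    fp = 0
    for bit, v in enumerate(votes):
        if v > 0:
            fp |= 1 << bit
    return fp


def hamming(a, b):
    return bin(a ^ b).count("1")


def block_fingerprints(source, n_blocks=4, k=3):
    """Split the normalised token stream into n_blocks contiguous blocks and simhash each."""
    toks = tokenize(normalize(source))
    fps = []
    for i in range(n_blocks):
        chunk = toks[i * len(toks) // n_blocks:(i + 1) * len(toks) // n_blocks]
        fps.append(simhash(shingles(chunk, k)))
    return fps


def similarity(fps_a, fps_b):
    """Mean over aligned blocks of 1 - HammingDistance/64 (1.0 means identical fingerprints)."""
    return sum(1 - hamming(a, b) / HASH_BITS for a, b in zip(fps_a, fps_b)) / len(fps_a)


def is_mirror(src_a, src_b, threshold=0.8, n_blocks=4):
    """Assumed decision rule: block similarity at or above the threshold flags a mirror."""
    return similarity(block_fingerprints(src_a, n_blocks), block_fingerprints(src_b, n_blocks)) >= threshold


# Constructed page sources (not real sites). The mirror only swaps the form target for a
# look-alike domain and changes a comment; the third page is unrelated.
ORIGINAL_HTML = """
<html><head><title>Example Bank - Online Banking Login</title></head>
<body>
<!-- build 2024-05-01 -->
<h1>Welcome to Example Bank</h1>
<p>Please sign in to manage your accounts, transfer funds and pay bills securely.</p>
<form action="https://www.example-bank.test/login" method="post">
  <label>Username</label> <input name="user" type="text">
  <label>Password</label> <input name="pass" type="password">
  <button type="submit">Sign in</button>
</form>
<p>Forgot your password? Visit the help centre or call customer service.</p>
<footer>Copyright Example Bank. All rights reserved. Privacy policy. Terms of use.</footer>
</body></html>
"""
MIRROR_HTML = (ORIGINAL_HTML
               .replace("www.example-bank.test", "www.examp1e-bank.test")
               .replace("<!-- build 2024-05-01 -->", "<!-- mirrored copy -->")
               .replace("\n", "\n\n"))
UNRELATED_HTML = """
<html><head><title>Quick Tomato Soup</title></head>
<body><h1>Quick Tomato Soup</h1>
<p>Chop one onion and two cloves of garlic, then soften them in olive oil over a low heat.</p>
<p>Add a tin of tomatoes, a cup of stock, salt and pepper, and simmer for twenty minutes.</p>
<p>Blend until smooth, stir in a spoon of cream and serve with crusty bread.</p>
<footer>Recipes collected by the community kitchen. Share and enjoy.</footer>
</body></html>
"""

if __name__ == "__main__":
    o, m, u = (block_fingerprints(s) for s in (ORIGINAL_HTML, MIRROR_HTML, UNRELATED_HTML))
    print("mirror similarity   :", round(similarity(o, m), 3))
    print("unrelated similarity:", round(similarity(o, u), 3))
```

Because blocks are compared position by position, the mirror's edit perturbs one block and the other three match exactly, so the near-duplicate scores far above an unrelated page, whose block fingerprints differ in roughly half their bits.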
13.
A. Di Pietro, D. Ficara, S. Giordano, F. Oppedisano, G. Procissi, F. Vitucci, International Journal of Communication Systems, 2009, 22(11):1403-1425
The wide availability of cheap and effective commodity PC hardware has driven the development of versatile traffic monitoring software such as protocol analyzers, traffic characterizers and intrusion detection systems. Most of them are designed to run on general purpose architectures and are based on the well-known libpcap API, which has rapidly become a de facto standard. Although many improvements have been applied to packet capturing software, it still suffers from several performance flaws, mainly due to the underlying hardware bottlenecks. To overcome these issues, this paper proposes a system architecture that combines the high performance of a Network Processor card with the flexibility of software-based solutions. It removes most of the hardware limitations exhibited by a purely PC-based architecture while preserving full compatibility with any software application based on libpcap. In addition, the proposed system enables the use of monitoring applications at wire speed, with the possibility of on-the-fly data processing. The system performance has been thoroughly assessed: the results show that it clearly outperforms the previous PC-based solutions in terms of packet capturing power, while the timestamping accuracy is as good as that achieved by DAG cards. Copyright © 2009 John Wiley & Sons, Ltd.
14.
In recent years, with the rapid worldwide growth of broadband Internet access and the spread of related applications, the broadband Internet has become an indispensable information carrier in daily work and life. Alongside users' legitimate application traffic, however, all kinds of anomalous traffic appears on broadband networks, disrupting normal network operation and threatening the security and normal use of user hosts. Drawing on practical day-to-day network management, this paper gives an overview of Internet traffic analysis and focuses on how the mainstream flow analysis technology, NETFLOW, can be used to analyse and handle anomalous traffic.
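Flow records answer the anomaly questions the abstract raises (who is scanning, who never completes a handshake, who is moving the most bytes) without touching packet payloads. The following is an added example, not material from the paper: it works on a constructed CSV flow export with the fields src, dst, sport, dport, proto, packets, bytes and flags (not any exporter's native format), and the scan threshold of ten distinct destination ports with flows of at most three packets is an assumption to be tuned per network.

```python
"""Anomaly triage over exported flow records (added example)."""
import csv
import io
from collections import defaultdict

# Constructed flow export in a plain CSV layout; flags are TCP flag letters seen in the flow.
_HEADER = "src,dst,sport,dport,proto,packets,bytes,flags"
_NORMAL = [
    "10.0.0.5,10.0.1.20,51234,80,tcp,12,3400,SAPF",
    "10.0.0.5,10.0.1.20,51235,443,tcp,30,12000,SAPF",
    "10.0.0.6,10.0.1.53,41000,53,udp,2,260,",
    "10.0.0.6,10.0.1.20,41001,443,tcp,40,21000,SAPF",
    "10.0.0.7,10.0.1.30,55000,445,tcp,900000,1200000000,SAPF",  # large completed transfer
]
# One host probing 25 consecutive ports on one target with single-packet SYN-only flows.
_SCAN = [f"10.0.0.9,10.0.1.20,{40000 + i},{20 + i},tcp,1,60,S" for i in range(25)]
FLOW_CSV = "\n".join([_HEADER, *_NORMAL, *_SCAN]) + "\n"


def parse_flows(text):
    """Read the CSV export into dicts with numeric fields converted."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in ("sport", "dport", "packets", "bytes"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def port_scanners(flows, min_ports=10, max_packets=3):
    """Sources that touch many distinct (dst, dport) pairs using tiny flows (assumed thresholds)."""
    targets = defaultdict(set)
    for f in flows:
        if f["packets"] <= max_packets:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_ports}


def syn_only_sources(flows, min_flows=10, min_ratio=0.9):
    """Sources whose flows are overwhelmingly SYN-only, i.e. handshakes that never complete."""
    total, syn_only = defaultdict(int), defaultdict(int)
    for f in flows:
        total[f["src"]] += 1
        if f["proto"] == "tcp" and f["flags"] == "S":
            syn_only[f["src"]] += 1
    return {s: syn_only[s] / total[s]
            for s in total if total[s] >= min_flows and syn_only[s] / total[s] >= min_ratio}


def top_talkers(flows, top_n=3):
    """Sources ranked by bytes sent; a sudden newcomer at the top is worth a look."""
    by_src = defaultdict(int)
    for f in flows:
        by_src[f["src"]] += f["bytes"]
    return sorted(by_src.items(), key=lambda kv: kv[1], reverse=True)[:top_n]


if __name__ == "__main__":
    flows = parse_flows(FLOW_CSV)
    print("port scanners :", port_scanners(flows))
    print("SYN-only      :", syn_only_sources(flows))
    print("top talkers   :", top_talkers(flows))
```

The two scan detectors deliberately look at different evidence (port fan-out versus handshake completion), so a slow scan that spreads across hours still shows up in the flag ratio even when the per-window port count stays under the threshold.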
15.
Network traffic classification aims at identifying the application types of network packets. It is important for Internet service providers (ISPs) to manage bandwidth resources and ensure quality of service for different network applications. However, most classification techniques using machine learning focus only on high flow accuracy and ignore byte accuracy. Because of the imbalance between elephant flows and mice flows on the Internet, such a classifier obtains low classification performance on elephant flows, even though elephant flows consume much more bandwidth than mice flows. When the classifier is deployed for traffic policing, the network management system therefore cannot penalize elephant flows and avoid network congestion effectively. This article first explores the factors behind low byte accuracy and then presents a new traffic classification method that improves byte accuracy with the aid of data cleaning. Experiments are carried out on three groups of real-world traffic datasets, and the method is compared with existing work on improving byte accuracy. Byte accuracy increased by about 22.31% on average, and the method outperforms the existing one in most cases.
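The gap between the two metrics is the whole point of the abstract, and it is worth seeing on numbers. The following is an added example, not the paper's method or data: on a constructed mix of eight correctly labelled mice flows and two mislabelled elephant flows it computes flow accuracy, byte accuracy and per-application byte recall, and splits flows into elephants and mice by an assumed byte threshold.

```python
"""Flow accuracy versus byte accuracy on an imbalanced flow mix (added example)."""
from collections import defaultdict

# Constructed flow records: (true application, predicted application, bytes in flow).
# Eight small "mice" flows are classified correctly; the two large "elephant" flows are not.
FLOWS = [
    ("http", "http", 1_000),
    ("http", "http", 1_000),
    ("dns", "dns", 1_000),
    ("dns", "dns", 1_000),
    ("ssh", "ssh", 1_000),
    ("ssh", "ssh", 1_000),
    ("smtp", "smtp", 1_000),
    ("smtp", "smtp", 1_000),
    ("p2p", "http", 1_000_000),   # elephant flow mislabelled as web traffic
    ("p2p", "https", 1_000_000),  # elephant flow mislabelled as web traffic
]


def flow_accuracy(flows):
    """Fraction of flows whose predicted application is correct (every flow weighs the same)."""
    return sum(1 for true, pred, _ in flows if true == pred) / len(flows)


def byte_accuracy(flows):
    """Fraction of bytes carried by correctly classified flows (flows weighed by size)."""
    total = sum(size for _, _, size in flows)
    return sum(size for true, pred, size in flows if true == pred) / total


def per_class_byte_recall(flows):
    """For each true application, the share of its bytes that were labelled correctly."""
    seen, hit = defaultdict(int), defaultdict(int)
    for true, pred, size in flows:
        seen[true] += size
        if true == pred:
            hit[true] += size
    return {app: hit[app] / seen[app] for app in seen}


def split_by_size(flows, elephant_bytes=100_000):
    """Elephant/mice split by an assumed byte threshold; returns (elephants, mice)."""
    elephants = [f for f in flows if f[2] >= elephant_bytes]
    mice = [f for f in flows if f[2] < elephant_bytes]
    return elephants, mice


if __name__ == "__main__":
    print("flow accuracy:", flow_accuracy(FLOWS))
    print("byte accuracy:", round(byte_accuracy(FLOWS), 6))
    print("byte recall  :", per_class_byte_recall(FLOWS))
```

A policing rule driven by this classifier would throttle nothing of consequence: 80% of flows are right, but well under 1% of the bytes are, and every byte of the bandwidth-heavy application is missed.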
16.
Jun-Won Ho, Matthew Wright, Sajal K. Das, Ad hoc Networks, 2012, 10(3):512-523
In wireless sensor networks, sensor nodes are usually fixed to their locations after deployment. However, an attacker who compromises a subset of the nodes does not need to abide by the same limitation. If the attacker moves his compromised nodes to multiple locations in the network, for example on simple robotic platforms or by hand, he can evade schemes that attempt to use location to find the source of attacks. In performing DDoS and false data injection attacks, he diversifies the attack paths with mobile malicious nodes to defeat network-level defenses. For attacks that disrupt or undermine network protocols such as routing and clustering, moving the misbehaving nodes prevents them from being easily identified and blocked. Mobile malicious node attacks are therefore very dangerous and need to be detected as soon as possible to minimize the damage they can cause. In this paper, we are the first to identify the problem of mobile malicious node attacks, and we describe the limitations of various naive measures that might be used to stop them. To overcome these limitations, we propose a scheme for distributed detection of mobile malicious node attacks in static sensor networks. The key idea of this scheme is to apply sequential hypothesis testing to discover nodes that are silent for unusually many time periods, since such nodes are likely to be moving, and to block them from communicating. By performing all detection and blocking locally, we keep the energy consumption overhead to a minimum and keep the cost of false positives low. Through analysis and simulation, we show that our proposed scheme achieves fast, effective, and robust mobile malicious node detection with reasonable overhead.
17.
The aim of wireless sensor networks (WSNs) is to gather sensor data from a monitored environment. However, the collected or reported information might be falsified by faults or by malicious nodes. Hence, identifying malicious nodes effectively and in a timely manner is essential for the network to function properly and reliably. Maliciously behaving nodes are usually detected and isolated by reputation- and trust-based schemes before they can damage the network. In this paper, we propose an efficient weighted trust-based malicious node detection (WT-MND) scheme that can detect malicious nodes in a clustered WSN. Node behaviour is treated realistically by accounting for false-positive and false-negative instances. The simulation results confirm the timely identification and isolation of maliciously behaving nodes by the WT-MND scheme. The effectiveness of the proposed scheme comes from its adaptive trust-update process, which implicitly performs trust recovery of temporarily malfunctioning nodes and computes a different trust-update factor for each node depending on its behaviour. The proposed scheme is more effective and scalable than the related schemes in the literature, as evidenced by its higher detection ratio (DR) and lower misdetection ratio (MDR), which vary only slightly with the network's size. Moreover, the scheme sustains these properties without significant power consumption overhead.
18.
19.
With the rapid development of P2P networks, they are widely used in many fields, but the openness and anonymity of P2P networks mean that they contain many deceptive, colluding and strategic malicious nodes, which undermine their effectiveness and availability. Many existing trust models each offer methods for suppressing the various kinds of malicious nodes; starting from the malicious nodes themselves, this paper summarises the main methods used by typical trust models to suppress them.