静态防御下移动网络混合安全漏洞检测仿真
|
摘要
针对现有移动网络混合安全漏洞检测方法存在的混合安全漏洞检测准确率低、漏检率高、检测速度较慢等问题,提出了一种基于静态防御的移动网络混合安全漏洞检测方法,利用信息特征项的权重值、用户需求与信息间的关系、信息语义与用户需求语义间的相似度以及用户感兴趣信息与信息特征项相似度等信息,完成对移动网络信息的过滤。将过滤后的移动网络信息作为检测移动网络混合安全漏洞的样本,创建一个自回归模型,对模型中的数据做零均值化处理,选择一个恰当的自回归模型阶数拟合时间序列,利用得到的时间序列拟合二阶自回归模型,根据二阶自回归模型检测移动网络信息样本,利用异常信息判定条件对检测的移动网络信息样本进行判定,实现对移动网络混合安全漏洞的检测。实验结果表明,所提移动网络混合安全漏洞检测方法可以快速、准确检测移动网络中的混合安全漏洞。
Due to low detection accuracy and high missed detection rate in current mixed security hole detection methods,this paper puts forward a method to detect mixed security hole in mobile network based on static defense. Firstly,the weight value of information feature item,the relationship between user requirement and information,the similarity degree between information semantics and user requirement semantics,and the similarity between user interest information and information feature item were used to filter mobile network information. Then,the filtered mobile network information was used as the sample to detect the mixed security hole in mobile network,so as to build an autoregressive model. The data in model were zero-centered,and an appropriate autoregressive model order was selected to fit time series. After that,the time series was used to fit the second-order autoregressive model. Based on the second-order autoregressive model,the mobile network information sample was detected. Finally,the abnormal information decision condition was used to judge the mobile network information sample. Thus,the detection for the mixed security hole in mobile network was achieved. Simulation results show that the proposed method can quickly and accurately detect mixed security hole in mobile network.
Due to low detection accuracy and high missed detection rate in current mixed security hole detection methods,this paper puts forward a method to detect mixed security hole in mobile network based on static defense. Firstly,the weight value of information feature item,the relationship between user requirement and information,the similarity degree between information semantics and user requirement semantics,and the similarity between user interest information and information feature item were used to filter mobile network information. Then,the filtered mobile network information was used as the sample to detect the mixed security hole in mobile network,so as to build an autoregressive model. The data in model were zero-centered,and an appropriate autoregressive model order was selected to fit time series. After that,the time series was used to fit the second-order autoregressive model. Based on the second-order autoregressive model,the mobile network information sample was detected. Finally,the abnormal information decision condition was used to judge the mobile network information sample. Thus,the detection for the mixed security hole in mobile network was achieved. Simulation results show that the proposed method can quickly and accurately detect mixed security hole in mobile network.
引文
[1] 过辰楷,许静,司冠南,等.面向移动应用软件信息泄露的模型检测研究[J].计算机学报,2016,39(11):2324-2343.
[2] 王丹,赵文兵,丁治明.Web应用常见注入式安全漏洞检测关键技术综述[J].北京工业大学学报,2016,42(12):1822-1832.
[3] 麻荣宽,魏强,武泽慧.PHP程序污点型漏洞静态检测方法[J].计算机工程与应用,2018,54(1):64-69.
[4] 王丹,刘源,赵文兵,等.基于用户行为模拟的XSS漏洞检测[J].大连理工大学学报,2017,57(3):302-307.
[5] 蔡军,邹鹏,熊达鹏,等.结合静态分析与动态符号执行的软件漏洞检测方法[J].计算机工程与科学,2016,38(12):2536-2541.
[6] 王耀辉,王丹,付利华.面向PHP程序的SQL漏洞检测系统[J].计算机工程,2016,42(4):112-118.
[7] 廖金菊,冯光辉.基于虚拟节点管理的云安全漏洞扫描系统[J].中国电子科学研究院学报,2016,11(5):483-489.
[8] 刘汝隽,贾斌,辛阳.基于信息增益特征选择的网络异常检测模型[J].计算机应用,2016,36(a02):49-53.
[9] 李蕴.关于应用软件中信息漏洞快速检测仿真研究[J].计算机仿真,2017,34(3):381-384.
[10] 董争鸣,曹世华.基于安全漏洞扫描的校园网告警系统的开发与设计[J].电子设计工程,2017,25(20):109-111.
[2] 王丹,赵文兵,丁治明.Web应用常见注入式安全漏洞检测关键技术综述[J].北京工业大学学报,2016,42(12):1822-1832.
[3] 麻荣宽,魏强,武泽慧.PHP程序污点型漏洞静态检测方法[J].计算机工程与应用,2018,54(1):64-69.
[4] 王丹,刘源,赵文兵,等.基于用户行为模拟的XSS漏洞检测[J].大连理工大学学报,2017,57(3):302-307.
[5] 蔡军,邹鹏,熊达鹏,等.结合静态分析与动态符号执行的软件漏洞检测方法[J].计算机工程与科学,2016,38(12):2536-2541.
[6] 王耀辉,王丹,付利华.面向PHP程序的SQL漏洞检测系统[J].计算机工程,2016,42(4):112-118.
[7] 廖金菊,冯光辉.基于虚拟节点管理的云安全漏洞扫描系统[J].中国电子科学研究院学报,2016,11(5):483-489.
[8] 刘汝隽,贾斌,辛阳.基于信息增益特征选择的网络异常检测模型[J].计算机应用,2016,36(a02):49-53.
[9] 李蕴.关于应用软件中信息漏洞快速检测仿真研究[J].计算机仿真,2017,34(3):381-384.
[10] 董争鸣,曹世华.基于安全漏洞扫描的校园网告警系统的开发与设计[J].电子设计工程,2017,25(20):109-111.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |