Abstract
This paper proposes improving an existing density-based spatial clustering algorithm with a reference-point-based expansion strategy, and uses the improved clustering algorithm to detect malicious network flows. To verify its effectiveness, the algorithm is compared with K-Means on three metrics: clustering purity, Rand index and F-measure. The experimental results show that, compared with K-Means, the proposed strategy achieves higher clustering accuracy (i.e. higher purity, Rand index and F-measure).
This paper proposes an effective network malicious flow detection algorithm, which is based on a density clustering algorithm improved by a reference point strategy, and uses the improved clustering to detect malicious flows. The improved algorithm uses reference points to cluster malicious flows and takes different attack stages into account. To verify its effectiveness, the proposed algorithm was compared with K-Means in terms of three indicators: clustering purity, Rand index and F-measure. The experimental results show that, compared with the K-Means algorithm, this strategy has higher clustering accuracy (i.e. higher purity, Rand index and F-measure).
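The three evaluation metrics named in the abstract, computed the way a clustering result is scored against labelled flows, as an added example that is not part of the paper; the flow labels and cluster assignments are constructed here, and the F-measure is the pairwise (precision/recall over flow pairs) variant.

```python
from collections import Counter
from itertools import combinations


def pair_counts(labels, clusters):
    """Count flow pairs by (same cluster?, same ground-truth label?)."""
    tp = fp = fn = tn = 0
    for i, j in combinations(range(len(labels)), 2):
        same_cluster = clusters[i] == clusters[j]
        same_label = labels[i] == labels[j]
        if same_cluster and same_label:
            tp += 1          # correctly grouped together
        elif same_cluster:
            fp += 1          # grouped together, but different kinds of flow
        elif same_label:
            fn += 1          # same kind of flow, but split across clusters
        else:
            tn += 1          # correctly kept apart
    return tp, fp, fn, tn


def purity(labels, clusters):
    """Fraction of flows whose cluster's majority label matches their own."""
    members = {}
    for label, cluster in zip(labels, clusters):
        members.setdefault(cluster, Counter())[label] += 1
    return sum(max(c.values()) for c in members.values()) / len(labels)


def rand_index(labels, clusters):
    tp, fp, fn, tn = pair_counts(labels, clusters)
    return (tp + tn) / (tp + fp + fn + tn)


def f_measure(labels, clusters):
    tp, fp, fn, _ = pair_counts(labels, clusters)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    if precision + recall == 0:
        return 0.0
    return 2 * precision * recall / (precision + recall)


# Constructed sample: 8 flows with ground-truth labels (benign, scan stage, C2 stage).
TRUE_LABELS = ["benign"] * 3 + ["scan"] * 3 + ["c2"] * 2
# Constructed clustering: one scan flow was absorbed into the benign cluster.
CLUSTERS = [0, 0, 0, 0, 1, 1, 2, 2]

if __name__ == "__main__":
    for name, fn_ in (("purity", purity), ("rand_index", rand_index), ("f_measure", f_measure)):
        print(f"{name}: {fn_(TRUE_LABELS, CLUSTERS):.3f}")
```

A single misplaced flow lowers purity only slightly, while the pairwise Rand index and F-measure penalise every pair it breaks, which is why the three metrics are reported together.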