Research on Hierarchical Trojan Detection Technology Based on Random Forest  Cited by: 1

Hierarchical Detection of Trojan Behavior based on Random Forest


Authors: 吴金龙 [1], 石晓飞 [1], 许佳 [1], 史军 [1]

Affiliation: [1] Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China

Source: Communications Technology (通信技术), 2016, No. 4, pp. 475-480 (6 pages)

Abstract: To counter the threat of APT-style attacks, whose core component is an unknown Trojan, this paper studies Trojan detection techniques based on network data flows. A Trojan detection method based on multidimensional communication features drawn from different layers is proposed to detect Trojan traffic within network data flows. Building on a survey of existing classification and detection algorithms, the random forest algorithm is applied to the training set to construct the detection model, and a hierarchical scoring policy is established to provide analysts with trustworthy detection results. Experimental comparison with three commonly used machine learning algorithms shows that, for data-flow detection, this method improves accuracy by at least 1.8% and reduces the false alarm rate by at least 2.77%.

Keywords: Trojan detection; random forest; multidimensional features; APT attack; hierarchical detection

Classification code: TP393.08 [Automation and Computer Technology: Computer Application Technology]
