检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:贾文超[1] 戚兰兰 施凡[1] 胡荣贵[1] Jia Wenchao;Qi Lanlan;Shi Fan;Hu Ronggui(Dept.of Network,Electronic Engineering Institute,Hefei 230037,China)
出 处:《计算机应用研究》2018年第5期1558-1561,共4页Application Research of Computers
基 金:国家自然科学基金资助项目(61602491)
摘 要:为解决WebShell检测特征覆盖不全、检测算法有待完善的问题,提出一种基于随机森林改进算法的WebShell检测方法。首先对三种类型的WebSshell进行深入特征分析,构建多维特征,较全面地覆盖静态属性和动态行为,改进随机森林特征选取方法;依据Fisher比度量特征重要性,对子类的依赖特征进行划分,按比例和顺序从中选择特征,克服特征选择完全随机带来的弊端,提高决策树分类强度,降低树间相关度。实验对随机森林改进算法和标准算法进行了对比分析,结果表明改进算法依靠更少的决策树就能达到很好的效果,并进一步与SVM算法进行比较,证明该方法提高了WebShell检测的效率和准确率。To improve the WebShell detection feature coverage and the ability of detection algorithm,this paper proposed a WebShell detection method based on random forest improved algorithm.First of all,this paper analyzed features of three kinds WebShell,and built multi-dimensional features which had comprehensive coverage of static attributes and dynamic behaviors.This paper improved the method of random forest feature selection.It partitioned features according to the importance measured by Fisher criterion and selected in proportion and order,to overcome drawbacks brought by completely random feature selection,which increased the intensity of the decision tree classification and reduced the relevance between decision trees.The results of the experiment of random forest improved algorithm and standard algorithm show that the improved algorithm with less decision trees can achieve very good effect,and another contrast experiment proves that the random forest improved algorithm has superiority compared with SVM algorithm in dealing with WebShell detection problem.
关 键 词:WebShell检测 随机森林 特征划分 FISHER准则
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222