基于改进高斯核函数的BGP异常检测方法  被引量：5

作　　者：戴仙波 王娜[1,2] 刘颖 DAI Xianbo;WANG Na;LIU Ying(College of Cipher Engineering,Information Engineering University,Zhengzhou 450001,China;Henan Key Laboratory of Information Security,Zhengzhou 450001,China)

机构地区：[1]信息工程大学密码工程学院,郑州450001 [2]河南省信息安全重点实验室,郑州450001

出　　处：《计算机工程》2019年第10期122-129,共8页Computer Engineering

基　　金：国家重点研发计划(2018YFB0803603);国家自然科学基金(61802436,61502531);河南省自然科学基金(162300410334)

摘　　要：通过将边界网关协议(BGP)更新报文激增异常问题抽象为二分类问题,提出一种基于改进高斯核函数的BGP异常检测(IGKAD)方法。采用FMS特征选择算法,选择能同时最大化类间距离和最小化类内距离的特征,得到度量分类能力的特征权值。利用基于Manhattan距离与特征权值的改进高斯核函数构造支持向量机(SVM)分类模型,并结合基于网格搜索与交叉验证的参数寻优方法,提高SVM模型分类准确率。通过设计特征效率函数,给出最优特征子集构造方法,从而选取最优特征子集作为训练数据集。实验结果表明,当训练集包含TOP10和TOP8特征时,IGKAD方法的分类准确率分别为91.65%和90.37%,相比基于机器学习的BGP异常检测方法分类性能更优。ing the Border Gateway Protocol(BGP)update message augmentation anomaly problem into a two-class problem,an Improved Gaussian Kernel Function-based BGP Anomaly Detection(IGKAD)method is proposed.The Fisher-Markov Slector(FMS)feature selection algorithm is used to select the feature that can simultaneously maximize the distance between classes and minimize the distance within the class,and obtain the feature weights of metric classification ability.The improved Gaussian kernel function based on Manhattan distance and feature weight is used to construct the Support Vector Machine(SVM)classification model,and the parameter optimization method based on grid search and cross-validation is combined to improve the classification accuracy of SVM model.By designing the feature efficiency function,the optimal feature subset construction method is given,which is selected as the training dataset.Experimental results show that when the training set contains TOP10 and TOP8 features,the classification accuracy of the IGKAD method is 91.65%and 90.37%,respectively.Compared with the machine learning-based BGP anomaly detection method,the classification performance is better.

关 键 词：高斯核函数 边界网关协议 异常检测 支持向量机 机器学习 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]