Trace Data Monitoring Simulation of LAN Malicious Code Intrusion Process  Cited by: 1


Authors: MAO Yang-hong (毛养红) [1]; CHENG Xue-jun (程学军) (South China Institute of Software Engineering, Guangzhou University, Guangzhou Guangdong 510990, China; Luohe Institute of Technology, Henan University of Technology, Luohe Henan 462002, China)

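Affiliations: [1] South China Institute of Software Engineering, Guangzhou University, Guangzhou, Guangdong 510990; [2] Luohe Institute of Technology, Henan University of Technology, Luohe, Henan 462002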

Source: Computer Simulation (《计算机仿真》), 2020, Issue 1, pp. 263-266, 271 (5 pages)

Abstract: When monitoring the trace data of a local area network (LAN) malicious code intrusion process, current methods achieve low monitoring accuracy and monitoring rate because they are affected by the number of data features extracted. A method for monitoring the malicious code intrusion trace data of a local area network based on artificial biological immunity was proposed. Firstly, the weighted method of information gain feature extraction was used to extract the trace data information gain and feature frequency of the local area network malicious code intrusion process. Secondly, the extracted data features were encoded and stored in the cloud space. Through simulating the artificial biological immune process, the monitoring device set of local area network malicious code intrusion trace data features was generated. By adjusting the cloning coefficient and increasing the Cauchy mutation step length factor, the monitoring device set was optimized to generate a new monitoring device. Moreover, this device and the weighted scoring method were used to judge the malicious coefficient of an unknown data sample in the local area network. Finally, the malicious coefficient and the threshold value of the malicious coefficient were used to determine whether the sample contained malicious code intrusion trace data. Simulation results show that the proposed method has higher monitoring accuracy and monitoring rate. Meanwhile, the monitoring effect is best when the number of extracted features is less than 800.

Keywords: local area network; malicious code; intrusion; trace data; monitoring

Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]

 
