Research on Network Intrusion Forensics Based on Improved K-Means Algorithm

Authors: Xu Caidian (许彩滇), Liu Xiaoli (刘晓丽) [1] (Department of Cyber Crime Investigation, Criminal Investigation Police University of China, Shenyang 110035, China)

Affiliation: [1] Department of Cyber Crime Investigation, Criminal Investigation Police University of China, Shenyang 110035, Liaoning, China

Source: Journal of People's Public Security University of China (Science and Technology), 2020, No. 2, pp. 68-74 (7 pages)

Funding: National Key R&D Program of China (2018YFC0830600); Criminal Investigation Police University of China Graduate Innovation Capability Enhancement Project (2019YCYB21).

Abstract: The huge volume of data to analyse, the complexity of the logical relationships involved and the heavy reliance on manual work all make behaviour analysis in digital forensics difficult. For network intrusion forensics, a machine-learning analysis method based on improved K-means clustering is proposed. The improved algorithm remedies the defects that arise when the original algorithm is applied to forensics: the initial cluster centres and the number of clusters are set autonomously according to the distribution of the vectors, so that network behaviour is classified by attribute automatically. The network behaviour data is first preprocessed and vectorised with the PV-DM model; the improved algorithm then searches for the vector whose sum of similarities to the vectors around it is largest, from which the cluster centres and the number of clusters are determined. Behaviour is then classified, and unknown intruding users and their behaviour are correlated from known intrusion behaviour information, improving forensic efficiency and the completeness of the results.

English abstract as published: Aiming at the problems of network intrusion behaviour forensics, namely the difficulty of obtaining evidence from massive data, mechanical thinking, and the flaws of the K-means algorithm when applied to forensics, the K-means algorithm is improved, and a forensic method for network intrusion behaviour based on the improved K-means clustering algorithm is proposed. The improved K-means algorithm automatically takes the centre point of the condensed region of the data as the initial clustering centre and classifies network behaviour automatically according to its attributes. The proposed network intrusion behaviour forensics method first uses the PV-DM model to vectorise the network behaviour data under examination, then uses the improved K-means algorithm to classify it by attribute; unknown intrusion users and related intrusion information are then correlated with the known intrusion behaviour information, improving the efficiency of forensics and the integrity of the results.

Keywords: intrusion behaviour; K-means; forensics; PV-DM

Classification code: TP393.08 (Automation and Computer Technology: Computer Application Technology)
