Authors: 裴兰珍 (PEI Lanzhen)[1,2], 林明亮 (LIN Mingliang), 罗赟骞 (LUO Yunqian), 许冰 (XU Bing)
Affiliations: [1] School of Air and Missile Defense, Air Force Engineering University, Xi'an 710051, China; [2] Unit 93221 of PLA, Beijing 100085, China; [3] China Hainan Sub Center, National Computer Network Emergency Response Technology Coordination Center, Haikou 570206, China; [4] CEC Great Wall Internet Security Technology Research Institute (Beijing) Co. Ltd, Beijing 100097, China
Source: Electronic Information Warfare Technology (《电子信息对抗技术》), 2020, No. 5, pp. 79-84 (6 pages)
Abstract: To address the difficulty of detecting botnets effectively, a botnet detection model based on LightGBM is constructed. First, a set of flow-based multivariate network flow features is built that comprehensively reflects the nature of network traffic, and a Zeek plug-in is written to collect flow feature data under high-speed traffic. Next, the botnet detection model is built on LightGBM; its detection accuracy is 99.986%. Finally, the model is compared with detection models based on random forest and on a semi-supervised algorithm. The results show that this model achieves higher detection accuracy and can detect botnets effectively.
Keywords: cyberspace security; botnet; machine learning; network flow; anomaly detection; LightGBM
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]