Risky accounts evaluation method of campus network

Cited by: 1


Authors: 曾煌尧 (ZENG Huang-yao); 李丹丹 (LI Dan-dan); 马严 (MA Yan) [1]; 丛群 (CONG Qun) (Information Network Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; Beijing Wrdtech Co. Ltd, Beijing 100082, China)

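Affiliations: [1] Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876; [2] Beijing Wrdtech Co. Ltd, Beijing 100082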

Source: Journal of Zhejiang University: Engineering Science (《浙江大学学报(工学版)》), 2020, No. 9, pp. 1761-1767 (7 pages)

Funding: Fundamental Research Funds for the Central Universities (2018RC21); National CNGI Special Project (CNGI-12-03-001).

Abstract: The proposed method locates risky accounts by detecting risky devices, based on the URL access logs of the accounts. Access behavior characteristics, such as the dispersion of device occurrences, the device multi-account risk level, and the percentage of charged networks, are extracted and quantified into feature vector sets. The set of feature vectors is clustered using a Gaussian mixture model (GMM) to obtain the probability that a device shows abnormal access behavior. The similarity of the URLs accessed by devices of the same type under the same account is calculated with the modified cosine similarity algorithm. The GMM clustering results and the modified cosine similarity results are combined to give the evaluation results for risky accounts. The experimental results show that the method achieves a detection rate of 85% with a false alarm rate of less than 5%, which helps to detect risky accounts promptly in a campus network environment with a small range of IP addresses and infrequent account logins.

Keywords: uniform resource locator (URL); campus network; risk assessment; Gaussian mixture model (GMM); cosine similarity

Classification: TP302 [Automation and Computer Technology: Computer System Architecture]

 
