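Authors: 郭倩林 (GUO Qian-lin); 张翰林 (ZHANG Han-lin) (Smart Campus & Information Construction Center, Qingdao University, Qingdao, Shandong 266071, China; College of Computer Science & Technology, Qingdao University, Qingdao, Shandong 266071, China)
Affiliations: [1] Smart Campus and Information Construction Center, Qingdao University, Qingdao, Shandong 266071 [2] College of Computer Science and Technology, Qingdao University, Qingdao, Shandong 266071
Source: Computer Simulation (《计算机仿真》), 2021, No. 3, pp. 264-267, 340 (5 pages in total)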
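Abstract: Traditional attack detection methods suffer from high miss rates and high false detection rates. To safeguard network security more effectively, an autonomous detection method for suspicious attacks in large-scale cluster networks is designed. A risk assessment function is set according to the covariance matrix of the features of network attack sample data, and the smoothness of the assessment process is maintained. A hybrid immune method is then introduced to define all nodes and determine the optimal number of nodes, and a preliminary judgment on attack behavior is made by identifying the node data in the vector set that violate the ranking. The dynamic characteristics of self and antibody are analyzed to obtain the dynamics equation of the memory detector for network attacks; the fuzzy data separation method is then used to establish a clustering objective function, a set of suspicious attack data is established according to the data separation constraints, and suspicious attack data are identified by the deviation of the joint score, achieving autonomous detection. Simulation results show that the method has low miss and false detection rates for attack behavior in large-scale cluster networks, that the detection process is highly sensitive, and that it can effectively ensure the operation of files in large-scale cluster networks.
English abstract: Traditionally, the attack detection method has high false negative rate and false detection rate. In order to effectively ensure the network security, this paper designed an autonomous detection method for suspicious attacks in large-scale cluster network. According to the covariance matrix of characteristics of network attack sample data, the risk assessment functions were set, so that we could keep the smoothness of the assessment process. Then, the hybrid immune method was introduced to define all nodes and determine the number of optimal nodes. And then, we could make a preliminary judgment on the attack behavior by identifying the node data violating the ranking in the vector set. On this basis, we analyzed the dynamics characteristics of autoantibodies, and obtained the dynamics equation of memory detector of network attack. Moreover, we used the fuzzy data separation method to establish the clustering objective function. According to the separation of constraint condition, we established the set of suspicious attack data. Finally, we determined the suspicious attack data through the combined scores, and then the autonomous detection was achieved. Simulation results show that the proposed method has low missing rate, low false detection rate, and high sensitivity.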
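Keywords: large-scale cluster network; suspicious attack; attack detection; fuzzy data separation; assessment function
Classification number: TP391 [Automation and Computer Technology: Computer Application Technology]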