Authors: 蒙治伸, 张振威, 朱思义, 谷源涛 [1] (MENG Zhi-shen; ZHANG Zhen-wei; ZHU Si-yi; GU Yuan-tao) (Department of Electronic Engineering, Tsinghua University, Beijing 100084, China; Key Laboratory of Blind Signal Processing, Chengdu, Sichuan 610000, China)
Affiliations: [1] Department of Electronic Engineering, Tsinghua University, Beijing 100084; [2] Key Laboratory of Blind Signal Processing, Chengdu, Sichuan 610000
Source: Computer Simulation (《计算机仿真》), 2022, No. 10, pp. 395-399, 404 (6 pages)
Abstract: Most current network traffic analysis is carried out only at the level of the underlying network flow or of a single host. It lacks higher-level analysis, which makes it hard to find general patterns. To address this, a method for analyzing network traffic at the host-group level is proposed. First, the five-tuple information is extracted from collected network traffic PCAP packets and assembled into network flows. Second, the key information about each host is obtained by analyzing the network flows, and each host is then profiled according to the host behavior characteristics redefined in the paper. Finally, the hosts are clustered and the results are analyzed. The experimental results show that the host clustering produced by this method classifies the target host group effectively, and that the stability of the clustering results is also improved to some extent compared with other methods.
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]