基于机器学习的零日攻击检测技术综述  

作　　者：产院东 沈鸿喆 张欣怡 杨留磊 胡杰[1] 夏爽[1] Chan Yuandong;Shen Hongzhe;Zhang Xinyi;Yang Liulei;Hu Jie;Xia Shuang(The 28th Institute of China Electronics Technology Group Corporation,Nanjing 210007,China)

机构地区：[1]中国电子科技集团公司第28研究所,南京210007

出　　处：《信息化研究》2024年第3期1-7,共7页INFORMATIZATION RESEARCH

摘　　要：在当今信息时代,网络攻击已经成为危害严重的全球性问题。零日(0-day)攻击,即利用未知漏洞进攻目标系统,是最具挑战性的攻击之一。传统的基于签名的检测算法在检测零日攻击方面效果甚微,因为零日攻击的签名通常是不可知的。基于机器学习的检测方法能够捕捉攻击的统计特征,因此有望能用于零日攻击检测。本文对基于机器学习的零日攻击检测算法进行了全面回顾,主要包括无监督机器学习算法、监督机器学习算法、混合学习算法以及迁移学习算法。通过评估各类基于机器学习的零日检测算法发现,机器学习技术在零日攻击检测领域具有重要的应用价值。基于机器学习的零日攻击检测算法及相关软件可以辅助安全分析师捕捉未知威胁,提高零日攻击的分析效率和精度,降低零日攻击威胁分析成本,保护机构及组织的资产安全。Cyber-attacks have become a serious global problem.Zero-day attacks,which exploit unknown vulnerabilities to attack target systems,are one of the most challenging attacks.The studies show that zero-day attacks are wide spread and are one of the major threats to computer security.The traditional signature-based detection method is not effective in detecting zero-day attacks as the signatures of zero-day attacks are typically not available beforehand.Machine Learning(ML)-based detection method is capable of capturing attacks statistical characteristics and is,hence,promising for zero-day attack detection.In this paper,a comprehensive review of ML-based zero-day attack detection approaches is conducted,including unsupervised machine learning,supervise learning,hybrid learning and transfer learning algorithm.The related evaluation show that machine learning technology has important application value in the field of zero-day attack detection.Machine learning-based zero-day attack detection algorithm and related software can assist security analysts to capture unknown threats,improve the efficiency and accuracy of zero-day attack analysis,reduce the cost of zero-day threat analysis,and protect the asset security of institutions and organizations.

关 键 词：机器学习 零日攻击 网络安全 监督学习 非监督学习 迁移学习 

分 类 号：TP301.4[自动化与计算机技术—计算机系统结构]