摘要
机器学习算法是当前检测网络入侵的主要方法。然而,现有入侵检测方法提取攻击报文特征的维度较小,导致检测精度偏低。针对该问题,文章提出了面向DDoS入侵检测的报文特征提取方法(DDoS Message Feature Extraction,DMFE)。该方法在分析DDoS攻击过程的基础上,根据报文协议将DDoS攻击分为五类,并针对不同的类型提取其特征向量,增加了攻击报文特征的维度与表达能力,有利于提升入侵检测算法的精度。模拟实验结果表明,DMFE与现有的其他特征提取方法相比,能够有效地提高基于神经网络、K-近邻等入侵检测方法的精度。此外,DMFE受分类算法种类影响弱,可以适用于多种机器学习算法并取得了几乎相同的效率。
Machine learning algorithms have been widely used in the field of network intrusion detection.However,existing intrusion detection methods extract attack message features with small dimensions,resulting in low detection accuracy.Contrapose to the above problem,a DDoS intrusion detection-oriented message feature extraction method(DMFE)is proposed.Based on the analysis of DDoS attack process,this method divides DDoS attack into five categories according to the message protocol,and extracts its feature vectors according to different types,which increases the feature dimension of attack message,improves the feature expression ability,and is conducive to improving the accuracy of intrusion detection algorithm.Simulation results indicate that compared with other feature extraction methods,DMFE feature extraction method can effectively improve the accuracy of intrusion detection methods based on neural network,k-nearest neighbor etc.In addition,due to the weak influence of classification algorithm,DMFE can be applied to a variety of machine learning algorithms and achieve almost the same efficiency.
作者
赵桦筝
黄元浦
孙岭新
杜昊
郭凯文
Zhao Huazheng;Huang Yuanpu;Sun Lingxin;Du Hao;Guo Kaiwen(School of Software,Zhengzhou University,Henan Zhengzhou 450002)
出处
《网络空间安全》
2020年第3期24-29,共6页
Cyberspace Security
基金
郑州大学大学生创新创业训练计划项目(项目编号:No.2019cxcy666)。
关键词
网络安全
特征提取
数据挖掘
机器学习
分布式拒绝服务攻击
internet security
feature extraction
data mining
machine learning
distributed denial of service
