摘要
针对网络异常流量检测问题,文章提出一种基于网络流量特征属性信息熵的异常流量检测方法。该方法首先计算描述网络流量特征变化的源端口号、目的端口号、源IP地址和目的IP地址这4种特征属性信息熵,并进行归一化处理,降低异常样本数据对分类性能的影响;然后利用自适应遗传算法对支持向量机分类器的惩罚参数和核函数参数进行优化,提高分类器泛化能力,同时改进遗传算法的交叉算子和变异算子,减少支持向量机分类器的训练时间;最后通过训练好的支持向量机分类器识别4种流量特征属性信息熵的变化以实现网络异常流量检测。仿真实验表明,该方法提取的4种流量特征属性信息熵能够有效表征异常流量变化,在多种异常流量类型条件下,具有较高的异常流量识别率和较低的误判率,且检测方法的鲁棒性较好。
Aiming at the problem of network abnormal flow detection,this paper proposes an abnormal flow detection method based on network flow feature attribute information entropy.This method firstly calculates the four feature attribute information entropies of source port number,destination port number,source IP address and destination IP address which describe the change of network flow feature.At the same time,normalization is performed to reduce the impact of abnormal sample data on classification performance.Then,the adaptive genetic algorithm is used to optimize the penalty parameters and kernel function parameters of the support vector machine classifier to improve the generalization ability of the classifier.At the same time,the crossover operator and mutation operator of the genetic algorithm are improved to reduce the training time of the support vector machine classifier.Finally,the trained support vector machine classifier is used to recognize the change of the four flow feature attribute information entropies to realize the network abnormal flow detection.Simulation experiments show that the four flow feature attribute information entropies extracted by the method can effectively characterize abnormal flow change.Under a variety of abnormal flow types,the method has a high abnormal flow recognition rate and a low false positive rate,and the robustness of the detection method is better.
作者
刘奕
李建华
张一瑫
孟涛
LIU Yi;LI Jianhua;ZHANG Yitao;MENG Tao(Information and Navigation College,Air Force Engineering University,Xi’an 710077,China;Vocational Education Center of Air Force Engineering University,Xi’an 710038,China)
出处
《信息网络安全》
CSCD
北大核心
2021年第2期78-86,共9页
Netinfo Security
基金
国家自然科学基金[61871396]。
关键词
信息熵
异常流量检测
支持向量机
参数优化
information entropy
abnormal flow detection
support vector machine
parameter optimization
作者简介
通信作者:刘奕(1983-),女,江苏,博士研究生,主要研究方向为网络安全,sonys16@163.com;李建华(1965-),男,陕西,教授,博士,主要研究方向为空天信息网络系统规划建设;张一瑫(1983-),男,陕西,讲师,硕士,主要研究方向为无线电通信与导航;孟涛(1967-),女,江苏,副教授,硕士,主要研究方向为通信对抗技术。
