
Effective Network Feature Filtering Algorithm for APT Samples

Cited by: 2
Abstract: In studying defense schemes against APT attacks, this paper proposes an effective network feature filtering algorithm for APT samples, based on k-means++ clustering, to address the excessively high dimensionality of the network features extracted from APT samples. First, the algorithm uses clustering to divide the extracted original feature set into an APT traffic feature set and a background (normal) traffic feature set. Then it calculates how much the clustering performance changes after a given feature dimension is removed. Finally, it evaluates the discrimination degree of that feature vector from the result. An effective feature vector is one whose discrimination degree exceeds a set threshold. The aim is to select the effective features from the extracted original feature set, reducing the feature dimensionality and thereby the time and space overhead of subsequent threat intelligence formation and detection deployment. Experimental results show that the algorithm is feasible and has some advantages over other filtering algorithms for this problem.
Authors: LI Yihong (李翼宏); DU Zhenyu (杜镇宇); HU Jinsong (胡劲松) (Department of Network, Electronic Countermeasure Institute, National University of Defense Technology, Hefei 230037, China)
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal, 2019, No. 3, pp. 83-89 (7 pages)
Funding: National Natural Science Foundation of China (No. U1636201)
Keywords: APT attack; network features; dimension reduction; k-means++; discrimination