Abstract
Attacks or intrusions carried out anonymously from unknown access sources are anonymous and variable in nature. Their diversity and complexity make it difficult to accurately identify where an attacker is coming from, which makes early warning harder. To address this, a remote security early-warning method for unknown access sources in mobile networks is proposed. An average power spectral density function is constructed, access behavior feature vectors are built by combining different features, a semi-supervised support vector machine is used to identify access behavior, and a second-order time-domain distribution detection method is used to obtain the signal after feature recombination. Next, the random forest algorithm is introduced to detect malicious access behavior, the probability of each specific malicious access behavior risk occurring is calculated, and remote security warning for unknown access sources is issued according to risk level. Experimental results show that the overall missed-alarm rate of the proposed method is at most 2%, the false alarm rates are all below 1%, and the memory overhead is close to the memory threshold.
Authors
沈越欣
尹晓宇
张敏
许静萱
SHEN Yuexin; YIN Xiaoyu; ZHANG Min; XU Jingxuan (School of Computer Science and Engineering, Northeastern University, Shenyang 110167, China)
Source
《现代电子技术》
PKU Core Journal
2024, Issue 12, pp. 69-73 (5 pages)
Modern Electronics Technique
Keywords
mobile network
unknown access source
security threat identification
remote warning
access behavior detection
semi-supervised support vector machine