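Detection Method of Malicious Attack Codes in Communication Network Based on PSO-KM Cluster Analysis |
| |
Cite this article: | Li Mei, Zhu Mingyu. Detection Method of Malicious Attack Codes in Communication Network Based on PSO-KM Cluster Analysis [J]. Computer Measurement & Control (计算机测量与控制), 2024, 32(1): 8-15. |
| |
Authors: | Li Mei (李梅), Zhu Mingyu (朱明宇) |
| |
Affiliation: | Suzhou Gaobo Software Technology Vocational College (苏州高博软件技术职业学院) |
| |
Funding: | Jiangsu Province High-Level Specialty Groups in Higher Vocational Education (Su Jiao Zhi Han [2021] No. 1); Jiangsu Province High-Level Key Specialty Construction Project in Higher Vocational Education (Su Jiao Gao [2017] No. 17) |
| |
Abstract: | The rapid development of malicious code seriously affects network information security. Traditional malicious code detection methods do not clearly partition network behavior features, which makes their detection results insufficiently accurate. This paper therefore studies a detection method for malicious attack code in communication networks based on PSO-KM cluster analysis. The specific content of malicious attack code in the communication network is analyzed, network behavior is extracted starting from network-layer flow trajectories, and behavior features are determined within the MFAB-NB framework. A normalization algorithm selects the initial processing center, the classified communication network behavior features are normalized, and the attack speed and position are determined. The whole data transmission process of the communication network is tracked in real time, and a fitness function is applied to seek the optimal solution for malicious code updates. A malicious code data feature set is built on the basis of PSO-KM cluster analysis, feature cluster weights are allocated by mini-batch computation, and malicious attack code is detected using the weighted average as the allocation basis, completing the design of the detection method. Experimental results show that with the proposed method the correct recognition rate for malicious attack code detection can reach more than 99% and the false positive rate can be kept within 0.5%, so the method has practical value.
|
Keywords: | Malicious attack code; communication network; PSO-KM cluster analysis; cluster weight; network behavior characteristics; degree of good or bad behavior |
Received: | 2023/2/7 0:00:00 |
Revised: | 2023/4/7 0:00:00 |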
Detection Method of Malicious Attack Codes in Communication Network Based on PSO-KM Cluster Analysis |
| |
Abstract: | The rapid development of malicious code has seriously affected network information security. Traditional malicious code detection methods do not clearly divide network behavior characteristics, resulting in inaccurate malicious code detection results. Therefore, a malicious attack code detection method for communication networks based on PSO-KM clustering analysis is studied. The specific content of malicious attack code in the communication network is analyzed, the network behavior is extracted from the flow trajectory of the network layer, and the behavior characteristics are determined in the MFAB-NB framework. The initial processing center is selected by the normalization algorithm, and the classified communication network behavior characteristics are normalized to judge the attack speed and location. The whole process of communication network data transmission is followed in real time, and a fitness function is applied to seek the optimal solution of malicious code updating. The feature set of malicious code data is constructed based on the PSO-KM clustering analysis technology, and the weight of each feature cluster is allocated using the small-batch calculation method. The weighted average value is used as the distribution basis to detect the malicious attack code, which completes the design of the detection method. The experimental results show that the correct recognition rate of malicious attack code detection can reach more than 99% and the false positive rate can be controlled within 0.5% under the application of this method, which has application value. |
| |
Keywords: | Malicious attack code; Communication network; PSO-KM cluster analysis; Cluster weight; Network behavior characteristics; Degree of good or bad behavior |