| 基于能量特征和支持向量机的网络蠕虫检测方法 |
| |
| 引用本文: | 廖明涛,张德运,侯琳,张军.基于能量特征和支持向量机的网络蠕虫检测方法[J].计算机工程,2007,33(3):32-34. |
| |
| 作者姓名: | 廖明涛 张德运 侯琳 张军 |
| |
| 作者单位: | 1. 西安交通大学电信学院网络所,西安,710049
2. 西安建筑科技大学信控学院,西安,710055 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划)
,
国家火炬计划 |
| |
| 摘 要: | 根据网络蠕虫攻击的特点,建立了能够反映蠕虫扫描特征的失败连接流量(FCT)时间序列,提出了一种基于FCT时间序列小波包能量特征和支持向量机(SVM)的蠕虫检测新方法。该方法利用小波包分析计算FCT时间序列在各频带投影序列的能量分布,获得能够表征蠕虫扫描的特征向量,使用经过样本训练的SVM分类器进行分类,实现蠕虫攻击扫描的自动检测。实验结果表明,该方法能够比较准确地检测蠕虫攻击,和理论值相比,漏报率低于6%,误报率低于1%。
|
| 关 键 词: | 蠕虫检测 能量特征 支持向量机 |
| 文章编号: | 1000-3428(2007)03-0032-03 |
| 修稿时间: | 2006-08-08 |
Detection of Network Worm Based on Energy Features and Support Vector Machine |
| |
| LIAO Mingtao,ZHANG Deyun,HOU Lin,ZHANG Jun.Detection of Network Worm Based on Energy Features and Support Vector Machine[J].Computer Engineering,2007,33(3):32-34. |
| |
| Authors: | LIAO Mingtao ZHANG Deyun HOU Lin ZHANG Jun |
| |
| Affiliation: | (1. Institute of Network, School of Electronics and Information, Xi’an Jiaotong University, Xi’an 710049; 2. Institute of Information and Control Engineering, Xi’an University of Architecture &; Technology, Xi’an 710055) |
| |
| Abstract: | To detect scanning network worm attack,failed connection flow(FCT) time series is established based on characteristics of worm attack,and a novel approach for worm detection based on energy features of FCT time series and support vector machine(SVM) is proposed.By computing the energy associated with each wavelet packet of FCT time series,this approach transforms the FCT time series into a series of energy distribution vector on frequency domain,then detects the worm using a SVM classifier.The experiment shows that the approach can detect worm attack effectively.Compared to theoretic value,the false positive rate is lower than 6%,and the false negative rate is lower than 1%. |
| |
| Keywords: | Worm detection Energy features Support vector machine(SVM) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
