| 基于shell命令的内部攻击检测 |
| |
| 引用本文: | 陈明帅,吴克河.基于shell命令的内部攻击检测[J].计算机与现代化,2021,0(1):56-60. |
| |
| 作者姓名: | 陈明帅 吴克河 |
| |
| 作者单位: | 华北电力大学(北京)控制与计算机工程学院,北京 102206;华北电力大学(北京)控制与计算机工程学院,北京 102206 |
| |
| 摘 要: | 信息系统不仅面临着外部攻击的威胁,同时也面临着来自系统内部的威胁。本文针对系统内部攻击,首先对信息系统的内部威胁和内部攻击进行简要阐述和分析。基于用户操作行为的一般规律,提出几种检测模型,通过对比检测结果找出检测效果好的检测模型。基于SEA公开数据集,采用词袋、TF-IDF、词汇表以及N-Gram几种方法进行特征提取,使用不同的机器学习算法建立检测模型,包括XGBoost算法、隐式马尔可夫和多层感知机(MLP)。结果显示:测试样本采用词袋+N-Gram特征模型和XGBoost学习算法的精确率和召回率较高,检测效果最好。
|
| 关 键 词: | 内部攻击检测 极端梯度提升决策树 多层感知机 隐式马尔可夫 |
| 收稿时间: | 2021-01-29 |
Internal Attack Detection Based on Shell Command |
| |
| CHEN Ming-shuai,WU Ke-he.Internal Attack Detection Based on Shell Command[J].Computer and Modernization,2021,0(1):56-60. |
| |
| Authors: | CHEN Ming-shuai WU Ke-he |
| |
| Abstract: | Information system not only faces the threat of external attack, but also faces the threat from the internal system. In this paper, aiming at the internal attacks of the system, the internal threats and internal attacks of the information system are briefly described and analyzed. Based on the general rules of user’s operation behavior, this paper proposes several detection models, and finds out a good detection model by comparing the detection results. Based on SEA open data set, feature extraction uses several methods, such as word bag, TF-IDF, vocabulary and N-Gram, and uses different machine learning algorithms to build detection model, including XGBoost algorithm, implicit Markov and multi-layer perceptron (MLP). The results show that the accuracy and recall rate of the test samples using the word bag+N-Gram feature model and XGBoost learning algorithm are high, and the detection effect is the best. |
| |
| Keywords: | |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机与现代化》浏览原始摘要信息 |
|
点击此处可从《计算机与现代化》下载全文 |
|
