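Abstract
The problem of accurately and effectively detecting new types of network attack signals has been studied extensively. Network attack signals evolve rapidly and seriously affect the security and stability of the network environment, and traditional network attack signal detection algorithms such as the ARMA model algorithm do not perform well enough. Using non-linear signal processing, an improved network attack detection algorithm is proposed that is based on a Gaussian mixture model with the expectation maximization algorithm and uses a Lorenz chaotic system for synchronization control. The network data flow is modeled and detected, and the difference value (D-value) feature is used as the chaotic synchronization control quantity for detection and decision. Simulation results show that the improved detection algorithm can effectively detect the 5 newest classes of attack signals in the network attack signal database. Compared with the ARMA algorithm under the same conditions, the detection probability improves markedly, by more than 15% at most, showing superior application performance and prospects in network attack security defense.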
This paper studies the precise detection of new types of network attack signals. An improved network attack signal detection algorithm is proposed based on the expectation maximization algorithm (EMA) and the Gaussian Mixture Model (GMM). The D-value between the network data flow vector under detection and the normal data flow parameter vectors is used as the feature, and the Lorenz chaotic system is used for synchronization control. A detection model is built for the network data, with the D-value feature taken as the synchronization control value, and detection and judgment are carried out on this basis. Simulation results show that the improved method can detect the 5 new types of network attack signals in the latest signal database. Compared with the ARMA detection algorithm, the detection probability improves markedly under the same conditions, by 15% at best. The method shows strong application prospects in network security defense.
Source
《科技通报》
Peking University Core Journal (北大核心)
2014, Issue 2, pp. 203-205 (3 pages)
Bulletin of Science and Technology
Keywords
chaos
network attack
expectation maximization algorithm
detection