摘要
通过深入研究网络类别不平衡的原因,选择SMOTE(synthetic minority over-sampling technique)过抽样方法对数据集进行预处理,并充分利用特征匹配高准确性的优点识别和分拣出SSL加密流,进而利用基于互信息最大化的聚类方法和SVM分类方法进一步识别SSL加密应用,这种混合方法有效地结合了静态特征匹配和机器学习方法的优点.达到识别分类方法在准确性和识别速度的均衡。
Through a in-depth study about the reason of network class imbalance, a method called SMOTE was chosen over the data set sampling preprocess, making full use of the advantages which is high accuracy of traffic model feature matching identification and sorting out the encrypted SSL flow, and then using the clustering method and the SVM based on mutual information classification method to further identify SSL encryption specific application, like HrP3PS/POPS etc. The hybrid method effectively combines the advantages of static feature matching and machine learning methods, to achieve the balance of classification method on accuracy and speed.
出处
《电信科学》
北大核心
2015年第12期83-89,共7页
Telecommunications Science
基金
2013江苏省六大人才高峰计划项目
2013国家发展和改革委员会信息安全专项资助项目
国家电网公司2014年科技项目"电力信息通信网络流量预测和管道智能化关键技术研究及应用"
2015江苏省产学研前瞻性联合研究项目(No.BY2015011-02)~~
关键词
流量识别
流量分析
行为特征
行为建模
行为模型
traffic identification, traffic analysis, behavior characterization, behavior modeling, behavior pattern