Abstract
Operating system identification is one of the key techniques in network security assessment, and studying it matters increasingly as network security threats and risks grow. Current operating system identification based on TCP/IP stack fingerprint databases has difficulty identifying the operating system behind an unknown fingerprint. To address this, a passive operating system identification method based on the C4.5 decision tree model is proposed and compared with other classification algorithms. Experimental tests verify the effectiveness of the classification method, and the results are analyzed.
Authors
YI Yun-hui (易运晖)
LIU Hai-feng (刘海峰)
ZHU Zhen-xian (朱振显)
School of Telecommunication Engineering, Xidian University, Xi'an 710071, China
Source
Computer Science (《计算机科学》)
CSCD
PKU Core Journal (北大核心)
2016, Issue 8, pp. 79-83 (5 pages)
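Funding
Supported by the National Natural Science Foundation of China (61072067)
Supported by the Program for Introducing Talents for Scientific Innovation in Universities (2009K01-46)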