
Abnormal Behavior Detection Based on User Profile (cited by: 14)
Abstract: In recent years, network security has become a focus of attention across all sectors, and the detection of abnormal users is a very important aspect of network security. A Python program is written to collect user behavior data and form a user profile, from which a detection model is built. The model extracts features from user behavior, uses machine learning to learn the behavior of normal users, and uses the Mahalanobis distance and the isolation forest algorithm to determine whether the behavior under test is abnormal. The performance of the two algorithms is compared, and the results show that the model can detect abnormal users quickly and accurately in simulated experiments and can provide some reference value in the field of network security.
Source: Communications Technology (《通信技术》), 2017, Issue 10, pp. 2310-2315, 6 pages
Funding: Key Program of the National Natural Science Foundation of China (No. 61332010)
Keywords: user profile; abnormal behavior detection; machine learning; Mahalanobis distance; isolation forest