摘要
为有效的从网络中挖掘出潜在威胁用户,提出了一种基于网络流量统计特征的异常用户挖掘方法。通过分析用户的网络流量,归纳出刻画网络流量集合的13个特征属性,包含网络流大小、数据包大小、数据包持续时间、数据包对称度等。在此基础上采用熵权决策法对每个特征选取合适的权重,计算出用户的行为威胁度,根据威胁度的大小和预先定义的阈值,将用户归为不同的威胁度分类等级。真实网络流量的实验结果显示,所提出的方法能够准确的实现潜在威胁的挖掘。
With the rapid development and w idely used of computer netw orks,potential threats mining become more and more important. To mine potential threats and solve the challenge posed by signature matching based methods,an abnormal behavior mining method based on statistical characteristics of netw ork traffic w as proposed. Firstly,13 attributes w ere extracted to capture the traffic characterization exactly,including netw ork flow size,packet size,packet duration,packet symmetry and so on. Secondly,the entropy w as employed to select appropriate w eight for different attributes. Finally,user behavior threaten degree are obtained and the users w ere divided into different groups based on the threaten degree. The experimental results based on the actual netw ork traffic verify that the method proposed can achieve the goal of potential threat mining.
出处
《山东大学学报(理学版)》
CAS
CSCD
北大核心
2018年第1期83-88,共6页
Journal of Shandong University(Natural Science)
基金
国家自然科学基金资助项目(61502438
61672026)
陕西省自然科学基金资助项目(2016JM6040)
国防基础科研资助项目(B0820132036)
关键词
异常用户行为挖掘
网络流量统计特征
网络用户管理
网络安全监控
abnormal user behavior mining
statistical characteristics of network traffic
network user management
network security monitoring