Abstract
Growing network traffic makes the effective identification of malicious access one of the network security problems that urgently needs to be solved. Most existing detection methods are based on domain name blacklists and ignore the malicious access that may also be hidden outside the blacklist. To address this problem, a URL-based malicious access detection model was built using time series analysis. First, taking the URL logs of users accessing a given domain name as the object of study, the characteristics exhibited by malicious access were mined from multiple dimensions, such as domain name access similarity, information entropy and power spectral density. Then, a URL-based malicious access detection model was given by combining these features with a Gaussian mixture clustering algorithm. The experimental results show that the model has relatively high accuracy.
Authors
李梦玉
马严
黄小红
丛群
LI Mengyu; MA Yan; HUANG Xiaohong; CONG Qun (Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; Beijing WRD Technology Co., Ltd., Beijing 100876, China)
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journal
2018, Issue A01, pp. 86-92 (7 pages)
Funding
Fundamental Research Funds for the Central Universities (No. 2018RC21, No. 500418776)
Keywords
URL
malicious access
time series
information entropy
clustering