Abstract
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are the most important tools for meeting the growing demand for Internet security. In intrusion detection, detecting port-scan attacks is often the first step in discovering that an attack is under way. Traditional detection based on rule extraction requires a large amount of manpower, and the rule library needs to be updated constantly. Therefore, a decision-tree-based method for detecting malicious port-scan traffic is proposed, and its feasibility for detecting malicious port-scan traffic is verified by training and testing on real traffic from the CICIDS2017 data set.
Authors
王远帆
施勇
薛质
WANG Yuan-fan; SHI Yong; XUE Zhi (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China)
Source
《通信技术》
2020, No. 8, pp. 2002-2005 (4 pages in total)
Communications Technology