
Malicious Traffic Detection in Port Scanning based on Decision Tree

Cited by: 2
Abstract: Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are the most important tools for meeting the growing demand for Internet security. In intrusion detection, detecting port-scan attacks is often the first step in discovering that a system is under attack. Traditional detection based on rule extraction costs a large amount of manpower, and the rule library needs to be constantly updated. Therefore, a decision-tree-based method for detecting malicious port-scan traffic is proposed, and its feasibility for detecting malicious port-scan traffic is verified by training and testing on real traffic from the CICIDS2017 dataset.
Authors: WANG Yuan-fan; SHI Yong; XUE Zhi (School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China)
Source: Communications Technology (《通信技术》), 2020, No. 8, pp. 2002-2005, 4 pages in total
Keywords: decision tree; port-scan; malicious traffic detection; CART algorithm