
A Survey of Network Traffic Anomaly Detection (cited by: 2)

Research on Network Traffic Anomaly Detection
Abstract: As cyberattacks become increasingly sophisticated, automated, and intelligent, new types of attacks keep emerging in networks, and these previously unseen attacks pose great challenges to signature-based cyberattack detection and response. Network traffic anomaly detection analyzes network traffic to detect traffic that differs significantly from normal traffic; because it does not rely on static signatures, it is regarded as an effective means of detecting unknown new attacks. Researchers have proposed many schemes for detecting abnormal network traffic, including statistical learning-based methods, unsupervised machine learning-based schemes, and supervised machine learning-based schemes. This paper provides a systematic review of these schemes, from traffic characteristics and feature engineering to detection models and then to application scenarios.
Authors: 吴迪锋, 孙昊翔, 曹浪, 谭天 (WU Difeng; SUN Haoxiang; CAO Lang; TAN Tian). Affiliations: Hangzhou DPtech Technologies Co., Ltd., Hangzhou, Zhejiang 310051, China; Hangzhou DPtech Information Technology Co., Ltd., Chengdu, Sichuan 610041, China
Source: 《信息安全与通信保密》 (Information Security and Communications Privacy), 2022, No. 8, pp. 101-111 (11 pages)
Keywords: cyberattack; anomaly detection; machine learning; feature engineering