摘要
僵尸网络作为一种新型攻击方式,如今已成为互联网安全领域面临的重大威胁之一。传统的僵尸网络检测算法在某些特定情境下可以达到很好的检测效果。然而,这些检测算法仍然存在问题,例如在检测现实世界中的真实流量时,存在特征提取标准不统一、低准确率、低召回率等现象,并且无法有效地检测未知僵尸网络。传统检测方法在真实世界的海量流量下问题频出,因此提出了BRNet,整个BRNet检测模型分为两部分。第一部分通过设定的统一标准从数据包的标头中提取原始数据。第二部分提出了ReconNet模型,可以充分利用数据的有限特征进行特征重用,以提高分类性能。在ISCX-2014僵尸网络数据集上的实验结果表明,准确率可以达到99.29%,F1分数达到99.02%,优于目前大多数检测方法,且具有很强的泛化能力。此外,该模型在CICIDS2017和DARKNET2020数据集上也取得了不错的效果。
As a new attack method,botnets have become one of the major threats in the field of Internet security.Traditional botnet detection algorithms can achieve good detection results in some specific situations.However,these detection algorithms still have problems.For example,when detecting real traffic in the real world,there are phenomena such as inconsistent feature extraction standards,low accuracy and low recall,and they cannot effectively detect unknown botnets.Traditional detection methods often have problems under the massive traffic in the real world,so we propose BRNet,and the entire BRNet detection model is divided into two parts.The first part extracts the raw data from the header of the packet through a set uniform standard.The second part proposes the ReconNet model,which can make full use of the limited features of the data for feature reuse to improve the classification performance.The experiments on the ISCX-2014 botnet dataset show that the accuracy rate can reach 99.29%,and the F1 score can reach 99.02%,which is better than that of most current detection methods,with strong generalization ability.In addition,this model can also achieve good results in the CICIDS2017 and DARKNET2020 datasets.
作者
何娅蓥
覃仁超
舒月
蒋瑞林
李丫
刘国航
HE Ya-ying;QIN Ren-chao;SHU Yue;JIANG Rui-lin;LI Ya;LIU Guo-hang(School of Computer Science and Technology,Southwest University of Science and Technology,Mianyang 621000,China;School of Cyberspace Security,Chengdu University of Information Technology,Chengdu 610000,China)
出处
《计算机技术与发展》
2023年第4期108-113,共6页
Computer Technology and Development
基金
中国科学院国家自然科学基金资助项目(62102049)
四川省科技计划(2022YFG0339)。
