基于深度学习的网络空间操作系统识别技术研究

Research on Recognition Technology of Network Space Operating System Based on Deep Learning

针对网络空间中流量数据的数字资产探测问题,本文提出了一种基于卷积神经网络的操作系统指纹快速识别方法。首先对网络空间资产探测原理进行了概述,通过对基于SVM的操作系统识别和基于决策树的操作系统识别方法进行对比,设计和构建了以ReLU函数作为激活函数的二层卷积模型且增加了BN层、池化层、全连接层,使用流量探测分析工具p0f将其指纹库操作系统指纹数据作为训练集,对收集到的流量数据作为测试集进行指纹识别测试,并将SVM方法和决策树方法与本文构建模型进行对照组实验。实验结果表明,本文提出的操作系统识别模型具有较高的收敛速度,且平均判别准确率相比于SVM算法和C4.5决策树算法提高了13和6个百分点,证明模型在操作系统识别方面具有良好的性能。

Aiming at the problem of digital assets detection of traffic data in cyberspace,a rapid fingerprint identification method of operating system based on convolutional neural network is proposed.Firstly,the principle of asset detection in cyberspace is summarized,and the the support vector machine(SVM)based on operating system recognition method and decision tree based operation system recognition method are compared.This paper provides a kind of operating system fast fingerprint identification based on convolution neural network(CNN),designs and builds the two-layer convolution model which uses the rectified linear unit(ReLU)function as the activation function and increased the batch normalization(BN)layer,pooling layer,link layer,by the use of the traffic detection analysis tools pOf and take the fingerprint data of its fingerprint database operating system as the training set.The collected traffic data was used as a test set for fingerprint identification test,and the SVM method and decision tree method were combined with the model constructed in this paper for control experiment.Experimental results show that the proposed operating system recognition model has high convergence speed and accuracy,and the average discrimination accuracy is 13 and 6 percentage points higher than that of SVM algorithm and C4.5 decision tree algorithm,which proves that the proposed model has good performance in operating system recognition.