Abstract
To address the problem of detecting frequent illegal access, a machine learning method is proposed to detect frequent illegal access activity in the login scenario. Feature engineering is used to analyze the login log data and to filter and extract effective features; a clustering method is then applied to the login feature data to separate normal users from abnormal users. To improve the accuracy of the unsupervised recognition algorithm, a multi-clustering ensemble detection algorithm is proposed, which identifies frequent illegal access users in the login logs more precisely by combining the perspectives of multiple clustering algorithms. Experimental results indicate that the method can more accurately extract users whose indicators are abnormal in the login scenario, and that it can be extended to other frequent illegal access scenarios.
Authors
甘迎辉
程永新
王梓
彭凯
GAN Yinghui; CHENG Yongxin; WANG Zi; PENG Kai (No.30 Institute of CETC, Chengdu, Sichuan 610041, China; University of Electronic Science and Technology of China, Chengdu, Sichuan 610054, China)
Source
Communications Technology (《通信技术》)
2023, Issue 4, pp. 515-520 (6 pages)
Keywords
illegal access
machine learning
multi-clustering ensemble
detection algorithm