摘要
当区域互联网受到攻击时,其流量会发生较为明显的变化,因此提出基于流量特征的区域互联网攻击源IP地址检测方法;采用NetFlow技术采集用户高速转发的IP数据流,得到网络流量数据;针对网络流量中突变数据,实施去除处理;通过最小冗余最大相关性,提取互联网的流量特征,以提高攻击源IP地址的检测精度;以流量特征的信息熵作为输入,结合极限学习机与k均值算法实现攻击流量检测并确定互联网攻击源IP地址;测试结果表明:在该方法的应用下,攻击源IP地址检测质量指数为0.97,由此说明该方法的检测准确性更高,检测质量更好。
When regional internet is attacked,its traffic will undergo significant changes.Therefore,a regional internet attack source IP address detection method based on traffic characteristics is proposed.NetFlow technology is used to collect the high-speed IP data stream forwarded by users and obtain network traffic data.Removal processing for abrupt data is implemented in network traffic.By minimizing redundancy and maximizing correlation,the traffic characteristics of the Internet are extracted to improve the detection accuracy of the attack source IP address.With the information entropy of traffic characteristics as an input,combined with extreme learning machine and k-means algorithm,the attack traffic detection and determination of Internet attack source IP address are realized.The test results show that under the application of this method,the quality index of attack source IP address detection is 0.97,indicating that the detection accuracy and quality of the proposed method are better.
作者
杨波
徐胜超
毛明扬
陈刚
王宏杰
YANG Bo;XU Shengchao;MAO Mingyang;CHEN Gang;WANG Hongjie(School of Data Science,Guangzhou HuaShang College,Guangzhou 511300,China)
出处
《计算机测量与控制》
2023年第10期285-290,298,共7页
Computer Measurement &Control
基金
国家自然科学基金面上项目(61772221)
广州华商学院校级导师制科研项目(2022HSDS23)。
关键词
流量特征
区域互联网
攻击源
IP地址检测
信息熵
flow characteristics
regional internet
attack source
IP address detection
information entropy
