Abstract
The rapid development of malicious code has seriously affected network information security. Traditional malicious code detection methods do not clearly partition network behavior characteristics, which leads to a low recognition rate and a high false positive rate for malicious attack code. This paper therefore studies a malicious attack code detection method for communication networks based on PSO-KM clustering analysis. The specific content of malicious attack code in the communication network is analyzed, network behavior is extracted from network-layer flow trajectories, and the behavior characteristics are determined within the MFAB-NB framework. The initial processing center is selected by a normalization algorithm, and the classified communication network behavior characteristics are normalized to judge attack speed and location. The whole process of data transmission in the communication network is tracked in real time, and a fitness function is applied to seek the optimal solution for malicious code updates. A feature set of malicious code data is constructed based on PSO-KM clustering analysis, feature cluster weights are allocated by mini-batch computation, and the weighted average is used as the allocation basis to detect malicious attack code, completing the design of the detection method. Experimental results show that with this method the recognition rate for malicious attack code reaches more than 95.0%, with the highest value close to 99.7%, and the false positive rate can be kept within 0.4%, so the method has application value.
Authors
LI Mei (李梅); ZHU Mingyu (朱明宇) (School of Information and Software, Suzhou Global Institute of Software Technology, Suzhou 215163, China)
Source
Computer Measurement & Control (《计算机测量与控制》)
2024, Issue 1, pp. 8-15 (8 pages)
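Funding
Jiangsu Province Higher Vocational Education High-Level Professional Group (苏教职函[2021]1号)
Jiangsu Province Higher Vocational Education High-Level Backbone Major Construction Project (苏教高[2017]17号).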
Keywords
malicious attack code
communication network
PSO-KM clustering analysis
cluster weight
network behavior characteristics
degree of good or bad behavior