Host abnormal behavior detection based on K nearest neighbor algorithm
Abstract: Host-anomaly-based intrusion detection can identify whether a user's operations are anomalous, and so prompt the user to deal with them to keep the system secure. To identify anomalous user operations quickly and efficiently, this paper proposes a host anomaly detection method based on the K nearest neighbor algorithm. In the feature extraction stage, the method uses a natural language processing algorithm to extract feature vectors, and then applies principal component analysis to reduce their dimensionality. The K nearest neighbor algorithm is then used to learn the relevant features of the host's normal and abnormal operations and to build a detection model. Finally, the model built after learning is used to determine whether the host has abnormal operations. Experiments on the ADFA-LD data set of the Australian Defense College verify that the proposed method performs well.
Authors: Huang Zhirui (黄智睿); Xie Xianjie (谢显杰); Yang Xiaodan (杨晓丹) (Kunming Metallurgy College, Kunming 650033, China; Yunnan Normal University, Kunming 650092, China)
Source: Wireless Internet Technology (《无线互联科技》), 2024, No. 5, pp. 122-128, 7 pages in total
Funding: Scientific Research Fund Project of Kunming Metallurgy College, project title: Research on Host Anomaly Detection Based on Machine Learning Algorithms, project number: 2023xjy03.
Keywords: cyberspace security; machine learning; host abnormal behavior detection; K nearest neighbor algorithm; natural language processing