Trojan Detection Model Based on Drift Detection and Ensemble Learning
Abstract: Traditional Trojan detection methods based on network flow depend heavily on training samples, have poor generalization ability and low classification precision, and cannot handle the concept drift problem. To improve the accuracy of current methods, an ensemble learning classification model is proposed, based on a study of the communication features of network flow. The model detects concept drift during flow processing and, according to the detection result, dynamically updates the ensemble classifiers built from the training set. It then applies weighted integration of the ensemble classifiers to detect Trojan flow. Experimental results in a real network environment verified the effectiveness of the model: through retraining and ensemble learning, the model significantly reduces both the false negative rate and the false positive rate.
Authors: 李晔 (LI Ye), 刘胜利 (LIU Shengli), 张兆林 (ZHANG Zhaolin) (Information Engineering University, Zhengzhou 450001, China)
Affiliation: Information Engineering University
Source: Journal of Information Engineering University (《信息工程大学学报》), 2017, No. 6, pp. 708-711 (4 pages)
Funding: National Natural Science Foundation of China (61271252); Zhengzhou Science and Technology Innovation Team Project (10CXTD150)
Keywords: Trojan detection; communication flow; concept drift; ensemble learning