Malicious traffic detection method based on SMOTE algorithm and integrated learning

A malicious traffic detection technology using ensemble (integrated) learning, applied in machine learning, computing models, etc., that addresses problems such as the low recall of malicious traffic detection and the imbalance between benign and malicious traffic.

Active Publication Date: 2021-05-18
XIDIAN UNIV +1

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to overcome the deficiencies of the prior art described above and to propose a malicious traffic detection method based on the SMOTE algorithm and ensemble learning. While maintaining the detection accuracy for malicious traffic, it aims to solve the technical problem of low recall in malicious traffic detection caused by the imbalance between benign and malicious traffic.

Examples

Embodiment Construction

[0038] The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment:

[0039] Referring to Figure 1, this embodiment includes the following steps:

[0040] Step 1) Obtain training set A and test set T:

[0041] Step 1a) In an environment with network connectivity, run the 5,000 collected malware samples one after another in a virtual machine, with Wireshark open to capture the traffic each sample generates while interacting with the network. Every 5 minutes, terminate the running malware sample and save the packets Wireshark captured during those 5 minutes, finally yielding 5,000 malicious traffic captures. Use Wireshark to capture the traffic generated between the network and mobile phones and computers that are not infected with viruses, stopping the capture every 5 minutes. Repeat 5,000 times, and finally collect...

Abstract

The present invention proposes a malicious traffic detection method based on the SMOTE algorithm and ensemble learning. It aims to solve the technical problem of low recall in malicious traffic detection caused by the imbalance between benign and malicious traffic, while maintaining the accuracy of malicious traffic detection. The implementation steps are: obtain benign traffic and malicious traffic; extract the statistical features of the obtained traffic to get the malicious flow feature vectors and the benign flow feature vectors, which form the training set and the test set; cluster the malicious flow feature vectors; use the KNN nearest-neighbor algorithm to compute the danger points of each cluster and delete them to obtain safe clusters; optimize the SMOTE algorithm; use the optimized SMOTE algorithm to generate new samples by interpolation, taking the cluster center as the center and any sample in the cluster as the reference sample; add the new samples to the training set to obtain a balanced training set; build an ensemble learning classifier model; and obtain the predicted labels of the test set through the majority voting method.
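The oversampling steps of the abstract (KNN danger-point removal, then interpolation between the cluster center and a reference sample) can be sketched as follows. This is an added example, not code from the patent; it handles a single malicious cluster, and the danger-point rule (most of the k nearest neighbours are benign), the value k=3, the function names and the sample vectors are all assumptions.

```python
import math
import random

# Constructed 2-D flow feature vectors (e.g. normalised mean packet size, duration).
MALICIOUS = [(0.9, 0.8), (1.0, 1.0), (1.1, 0.9), (0.95, 1.05), (0.2, 0.15)]
BENIGN = [(0.1, 0.1), (0.2, 0.2), (0.15, 0.25), (0.25, 0.1),
          (0.3, 0.2), (0.1, 0.3), (0.05, 0.2), (0.3, 0.3)]

def knn_labels(point, dataset, k):
    """Labels of the k nearest neighbours of point, excluding point itself."""
    dists = sorted((math.dist(point, x), y) for x, y in dataset if x is not point)
    return [y for _, y in dists[:k]]

def safe_cluster(cluster, benign, k=3):
    """Drop danger points: malicious samples whose k nearest neighbours are
    mostly benign (assumed definition, the page does not state one)."""
    dataset = [(x, 1) for x in cluster] + [(x, 0) for x in benign]
    return [x for x in cluster if 2 * sum(knn_labels(x, dataset, k)) > k]

def centroid(cluster):
    return tuple(sum(col) / len(cluster) for col in zip(*cluster))

def center_smote(cluster, n_new, rng):
    """New sample = centre + gap * (reference - centre), gap drawn from [0, 1)."""
    if not cluster:
        return []  # nothing safe to interpolate from
    c = centroid(cluster)
    new = []
    for _ in range(n_new):
        ref, gap = rng.choice(cluster), rng.random()
        new.append(tuple(ci + gap * (ri - ci) for ci, ri in zip(c, ref)))
    return new

def balance(cluster, benign, k=3, seed=0):
    """Return (safe cluster, synthetic samples) so malicious count == benign count."""
    safe = safe_cluster(cluster, benign, k)
    need = max(0, len(benign) - len(safe))  # assumption: danger points leave the set
    return safe, center_smote(safe, need, random.Random(seed))

if __name__ == "__main__":
    safe, synth = balance(MALICIOUS, BENIGN)
    print(len(safe), "safe samples,", len(synth), "synthetic samples")
```

Because every synthetic point lies on a segment from the cluster center to a safe sample, new malicious samples stay inside the safe cluster's region rather than drifting toward the benign class.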

Description

Technical field

[0001] The invention belongs to the technical field of malicious traffic detection, and relates to a malicious traffic detection method, in particular to a malicious traffic detection method based on the SMOTE algorithm and ensemble learning.

Background technique

[0002] Malicious traffic refers to the traffic generated by viruses, Trojan horses, and malware running on electronic devices, and can be further divided into encrypted malicious traffic and unencrypted malicious traffic. If viruses, Trojan horses and malware are not found in time in a real network, they will spread widely and damage network security. Malicious traffic detection technology detects viruses, Trojan horses and malware by detecting malicious traffic in network traffic. This technology can be divided into malicious traffic detection based on deep packet technology and malicious traffic detection based on machine learning algorithms. ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06K9/62, G06N20/00
CPC: H04L63/145, H04L63/1408, G06N20/00, G06F18/23213, G06F18/214
Inventor 杨超张晓雨苏锐丹郑昱强薇贾哲
Owner XIDIAN UNIV