
Simulation of zero-day vulnerability intrusion detection method of laboratory network firewall

Currently, the unknown nature of zero-day vulnerabilities leads to a lack of accurate vulnerability feature information. When attackers exploit these vulnerabilities for targeted attacks, the attacks are difficult to detect accurately in network traffic. To improve the security defense capability of laboratory networks, detect different attacks on firewall zero-day vulnerabilities in a timely manner, and ensure the safe and stable operation of laboratory networks, a zero-day vulnerability intrusion detection method for laboratory network firewalls is proposed. First, a fusion method based on Random Forest and Principal Component Analysis (PCA) is used to calculate feature importance and reduce the dimensionality of the laboratory network firewall data features. Then, a fuzzy clustering algorithm is applied to cluster these features, yielding a feature set related to zero-day vulnerability intrusion characteristics. Next, this set is input as training samples into an Adaptive Resonance Theory 2 (ART2) neural network, and through network training and learning, precise detection of the different intrusion types of firewall zero-day vulnerabilities in the laboratory network is achieved. Experimental results show that the proposed method has a low packet loss rate and an average accuracy of 98.03%, indicating that the method can effectively improve the security and stability of laboratory networks.

Keywords: Calculation of feature importance; Feature dimensionality reduction; Fuzzy clustering; ART2 neural network; Zero-day intrusion detection

方欲晓、许丹、何可人


Changzhou University, Changzhou, Jiangsu 213000


Jiangsu Provincial Modern Educational Technology Research, 2023 Smart Campus Special Key Project

2023-R-107305

2024

Computer Simulation
The 17th Research Institute of China Aerospace Science and Industry Corporation


CSTPCD
Impact factor: 0.518
ISSN: 1006-9348
Year, volume (issue): 2024.41(9)