基于黑客画像的网络攻击者识别方法
Identification method of network attacker based on hacker portrait
徐雅斌 1王振超 2庄唯3
作者信息
- 1. 北京信息科技大学计算机学院,北京 100101;北京信息科技大学大数据安全技术研究所,北京 100101
- 2. 北京信息科技大学计算机学院,北京 100101
- 3. 苏州市市公安局网络安全保卫支队,江苏苏州 215000
- 折叠
摘要
为能够准确、快速识别网络攻击者,提出一种基于黑客画像的网络攻击者识别方法.构建将稀疏自编码器和贝叶斯神经网络相结合的SAE-BNN模型,检测不同攻击类型的恶意流量;针对不同的恶意流量,通过提取黑客属性特征、流量特征、时间特征和相似性特征,与事先建立的黑客画像库中的黑客画像进行匹配.如果与某个黑客画像完全匹配,则由此确定该黑客的身份.当不能与黑客画像库中的任何黑客画像进行匹配时,将该黑客的特征作为标签,构建新的黑客画像,并更新画像库.实验结果表明,提出的异常流量识别方法在精度、召回率、F1值和准确率上均有提升.基于黑客画像的黑客识别算法与常规方法相比,极大提高了识别效率.
Abstract
To identify hacker users accurately and quickly,a network attacker identification method based on hacker portrait was proposed.A SAE-BNN model combining sparse auto-encoder(SAE)and Bayesian neural network(BNN)was constructed to detect malicious traffic of different attack types.For different malicious traffic,the hacker attributes,traffic characteristics,time characteristics and similarity characteristics were extracted to match the hacker portraits in the hacker portrait database estab-lished in advance.If there was an exact match to a hacker's profile,the hacker was identified.Experimental results show that the abnormal traffic identification method proposed improves the accuracy,recall,F1 value and accuracy.Compared with the conventional methods,the hacker recognition algorithm based on hacker portrait greatly improves the recognition efficiency.
关键词
稀疏自编码器/贝叶斯神经网络/网络黑客/黑客画像/黑客特征/黑客匹配/恶意流量Key words
sparse auto-encoder/Bayesian neural networks/network hackers/hacker portrait/hacker feature/hacker match/malicious traffic引用本文复制引用
出版年
2024
NETL
NSTL
万方数据