
An Abnormal IP Access Detection Method Based on K-means

This article discusses the problems that arise when detecting malicious attack events with UEBA technology and SNORT rules. On that basis, it proposes a method for detecting abnormal IP access in a network: through statistical learning, network traffic data at the host level and security log data on the host side are combined as joint evidence, and the K-means iterative clustering analysis algorithm is applied to them.

Keywords: APT network attack; K-means algorithm; extortion virus

赵弘毅


Henan Energy Group Information Technology Co., Ltd., Zhengzhou, Henan 450000


2024

软件 (Software)
Chinese Institute of Electronics; Tianjin Institute of Electronics

Impact factor: 1.51
ISSN: 1003-6970
Year, volume (issue): 2024.45(8)