软件 (Software), 2024, Vol. 45, Issue 8: 129-131. DOI: 10.3969/j.issn.1003-6970.2024.08.040

An Abnormal IP Access Detection Method Based on K-means

赵弘毅
Author information

  • 1. Henan Energy Group Information Technology Co., Ltd. (河南能源集团信息技术有限公司), Zhengzhou, Henan 450000

Abstract

This article discusses the problems that arise when detecting malicious attack events with UEBA technology and SNORT rules. On this basis, it proposes a method for detecting abnormal IP access in the network: through statistical learning, host-level network traffic data and host-side security log data are combined as joint evidence, and the K-means iterative clustering algorithm is applied to them.

Key words

APT network attack / K-means algorithm / ransomware


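Publication year

2024
软件 (Software)
中国电子学会 (Chinese Institute of Electronics), 天津电子学会 (Tianjin Institute of Electronics)

Impact factor: 1.51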
ISSN:1003-6970