现有的未知协议识别方法存在提取的特征不够充分、聚类分配不准确等问题,影响了协议识别结果的准确性。AE-CM(deep autoencoder with embedding clustering module)解决了当前深度聚类模型异步优化的问题,提高了聚类分配的精度。该文提出的DAEC-NM协议识别模型以AE-CM为基础,通过加入高维卷积、时序卷积网络以及调整多层感知机结构的方法,改进了AE-CM的特征提取部分。为了更全面地获取协议信息,DAEC-NM通过邻居分支采集邻居样本,并分析邻居样本间的局部关联特征,从而增强原样本特征中重要特征对聚类分配的指导能力。最后,采用了注意力机制来分析特征的重要性,以此为聚类模块设置有效的初始权重,解决了聚类模块在模型更新过程中权重特征更新较慢的问题。实验结果表明,DAEC-NM能够有效提高未知协议识别的准确性。
Unknown Application Layer Protocol Recognition Method Based on Improved AE-CM
Existing unknown protocol recognition methods suffer from insufficient feature extraction ability and inaccurate clustering as-signments,which affect the accuracy of recognition results.AE-CM(deep autoencoder with embedding clustering module)addresses the issue of asynchronous optimization in deep clustering models and improves the accuracy of clustering assignments.The proposed DAEC-NM is based on the AE-CM.The feature extraction part of the AE-CM is improved by introducing high-dimensional convolution,temporal convolution network,and adjusting the structure of multi-layer perceptron.To obtain more comprehensive protocol information,DAEC-NM collects neighbor samples through the neighbor model and analyzes the local correlation features to ensure the accuracy of clustering results.Finally,we use an attention mechanism to capture the importance of features,and set effective initial weights for the clustering module to resolve the slow update problem in the clustering module.Experimental results show the DAEC-NM can effectively improve the accuracy of unknown protocol recognition.
万方数据
维普
