机器学习在医疗与健康应用场景下的恶意流量检测
Machine Learning for Malicious Traffic Detection in Medical and Health Application Scenarios
高健云 1刘颖颖 2戴依蓝 3李澍4
作者信息
- 1. 中国食品药品检定研究院 医疗器械检定所,北京 102629;沈阳药科大学 医疗器械学院,辽宁 沈阳 117004
- 2. 北京医药健康科技发展中心,北京 100035
- 3. 沈阳药科大学 医疗器械学院,辽宁 沈阳 117004
- 4. 中国食品药品检定研究院 医疗器械检定所,北京 102629
- 折叠
摘要
目的 基于机器学习方法中的随机森林和决策树模型,实现在医疗与健康应用场景下的恶意流量检测.方法 以CIC-IDS2017样本集作为模型的训练集与验证集,对将该样本集通过Python预处理后的共1708979条数据进行模型训练.预处理后的样本集中训练集占比80%(1367183条),验证集占比20%(341795条),在sklearn中进行随机森林和决策树模型参数调整训练,再将在医疗与健康应用场景下捕获到的500条网络流量作为测试集进行模型泛化能力评估.结果 由决策树和随机森林混淆矩阵图可知,决策树模型对于慢速拒绝服务攻击以及跨站脚本攻击的预测准确率为95%,尤其是决策树模型对慢速拒绝服务攻击进行预测时,会将其与跨站脚本攻击混淆.随机森林模型对于慢速拒绝服务攻击预测准确率为99%,能够正确预测大多数慢速拒绝服务攻击.随机森林模型在医疗与健康应用场景下整体表现良好.结论 两种模型对于在医疗与健康应用场景下的恶意流量检测准确率效果较好,但传统的决策树模型准确率低于随机森林模型.随机森林模型更适合在医疗健康场景下的恶意流量检测,可为医疗健康应用场景中的网络安全研究提供参考.
Abstract
Objective To realize the malicious traffic detection in medical and health application scenarios,the random forest and decision tree model in machine learning method were used.Methods CIC-ISD2017 sample set were used as the training and validation set for the model.A total of 1708979 pieces of data were pre-processed in Python for model training.The pre-processed sample set accounted for 80%of the training set(1367183 pieces)and 20%of the validation set(341795 pieces),and was trained by adjusting parameters of random forest and decision tree models on sklearn.Finally,500 network traffic captured in the built medical and health application scenarios were used as the test set to evaluate the model generalization ability.Results From the decision tree and random forest confusion matrix,the prediction accuracy of decision tree model for slow denial-of-service attacks and cross-site scripting attacks was 95%,especially when decision tree model predicted slow denial-of-service attacks,it was confused with cross-site scripting attacks.Random forest model predicted slow denial-of-service attacks with 99%accuracy,could correctly predict most slow denial-of-service attacks.The random forest model performs well in medical and health application scenarios.Conclusion The two models achieve ideal results for malicious traffic detection accuracy in medical and health application scenarios,but the accuracy of the traditional decision tree model is lower than that of the random forest model.The random forest model is more suitable for malicious traffic detection in medical and health scenarios,and can provide some reference for future network security research in medical and health application scenarios.
关键词
医疗健康应用场景/机器学习/决策树/随机森林/网络安全Key words
medical and health application scenarios/machine learning/decision tree/random forest/network security引用本文复制引用
基金项目
国家重点研发计划(2020YFC2007104)
出版年
2024
国家科技期刊平台
NSTL
维普
万方数据