Computer Engineering and Applications, 2024, Vol. 60, Issue (20): 274-283, 10. DOI: 10.3778/j.issn.1002-8331.2307-0307
Traffic Anomaly Detection Method Incorporating a Flow Energy Model
Network Traffic Classification Method Fused with Flow Energy Model
Abstract
Abnormal network traffic detection is a key cybersecurity technology that helps identify and prevent malicious network attacks. Existing methods for detecting abnormal network traffic typically rely on complex machine learning models and a large amount of labeled data. Consequently, these methods are difficult to apply to different scenarios without retraining the model, and they cannot effectively handle large-scale, ongoing network attacks in real time. To address these issues, this paper proposes a classification method based on a network flow energy model. It uses a reverse statistical physics model to learn target traffic features in the network, so that it can be built on macroscopic real observations or real data without the need for manual labeling. The paper then combines this with the concept of the energy model to construct a network traffic recognition model, which judges whether a sample conforms to the main statistical distribution. Specifically, the method describes individual behavior characteristics and interaction features between traffic packets through the local field and the coupling field in the energy model. By combining these two features, the method calculates the sample's energy. If the energy is below a threshold, the sample aligns with the main distribution, indicating normal data; otherwise, it is considered abnormal data. Because the method does not rely on manual labeling, it can adapt to various network environments without repeated training. This addresses the current problems of traffic anomaly detection methods, which struggle to adapt to different scenarios and require extensive labeling. To evaluate the effectiveness of the method, the paper validates it on the Kitsune-2018 and CTU-13 datasets. Experimental results demonstrate that the proposed method achieves good classification performance and overall effectiveness in network traffic classification tasks. This further indicates its accuracy in performing network flow classification tasks and its adaptability to changing scenarios.
Key words
network flow classification / network flow / flow-based classifier / energy model / reverse statistical physics model
Classification
Information Technology and Security Science
Cite this article
杜文勇, 徐李阳, 王晨飞, 赵文华, 张烁, 谢瑞楠, 曹彭程, 李晓红. Traffic Anomaly Detection Method Incorporating a Flow Energy Model [J]. Computer Engineering and Applications, 2024, 60(20): 274-283, 10.
Funding
Science and Technology Project of the Customer Service Center of State Grid Corporation of China (52313121N007).