[1] XU Hong-po, CHEN Wei. Dictionary Attack Detection of Remote Control Protocol Based on Decision Tree [J]. Computer Technology and Development, 2019, 29(06): 105-111. [doi:10.3969/j.issn.1673-629X.2019.06.022]

Dictionary Attack Detection of Remote Control Protocol Based on Decision Tree

Computer Technology and Development (计算机技术与发展) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume:
29
Issue:
2019, No. 06
Pages:
105-111
Column:
Security and Prevention
Publication date:
2019-06-10

Article Info

Title:
Dictionary Attack Detection of Remote Control Protocol Based on Decision Tree
Article number:
1673-629X(2019)06-0105-07
Author(s):
XU Hong-po (许鸿坡), CHEN Wei (陈伟)
School of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
Keywords:
C4.5 decision tree; SSH; dictionary attack; traffic detection
CLC number:
TN915.08
DOI:
10.3969/j.issn.1673-629X.2019.06.022
Abstract:
Dictionary attacks against remote control protocols such as SSH are a common security threat, and traditional detection based on host logs can no longer defend effectively against stealthy dictionary attacks. This paper therefore proposes a detection mechanism based on network traffic. By analysing how the traffic fingerprint of a dictionary attack against a remote control protocol differs from that of normal access, 10 candidate features that show such differences are selected; the information gain ratio method is then used to keep the 4 features with the highest ratios as the classification evaluation indicators. Next, the flows captured by a honeypot network deployed on a campus network are filtered to keep only the packets that carry remote control protocol payload, and a data processing algorithm extracts the feature data from them. Finally, the C4.5 decision tree method is used to classify the manually labelled flows, and five classification performance metrics, including precision, false negative rate and false positive rate, are computed. The experimental results show that detection based on network traffic can identify the dictionary attack traffic present in the flows at the network level with a low false alarm rate and high precision.
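The pipeline the abstract describes, as an added example that is not the paper's code or data: rank candidate per-flow features by information gain ratio, keep the top k (the paper keeps 4 of 10), induce a C4.5-style decision tree on labelled flows, and score held-out flows by precision, false negative rate and false positive rate. The feature names, the flow records, the choice of recall and accuracy as the two unnamed metrics, and the omission of C4.5's pruning and average-gain check are all assumptions made here for illustration; the paper does not list its ten candidate features or publish its honeypot data. The held-out set deliberately includes a throttled attack and a short mistyped manual login to show where a tree built on flow features gets its false negatives and false positives.

```python
# Added example (not the paper's code): gain-ratio feature ranking, a minimal
# C4.5-style tree and the metrics named in the abstract, on constructed flows.
import math
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Assumed per-flow features; the paper does not list its ten candidates.
FEATURES = ["pkt_count", "duration_s", "mean_pkt_len", "c2s_ratio"]

def flow(pkts, dur, mpl, ratio, label):
    """(feature dict, label) for one flow; label 1 = dictionary attack."""
    return ({"pkt_count": pkts, "duration_s": dur, "mean_pkt_len": mpl, "c2s_ratio": ratio}, label)

# Constructed training flows, not captured traffic: attacks are brief bursts of
# small uniform packets; the fifth attack is throttled so duration alone misses it.
TRAIN = [
    flow(30, 2.0, 72, 0.50, 1), flow(26, 1.5, 68, 0.52, 1), flow(41, 3.1, 80, 0.49, 1),
    flow(18, 1.2, 64, 0.55, 1), flow(35, 25.0, 66, 0.48, 1),
    flow(120, 45.0, 180, 0.47, 0), flow(300, 600.0, 240, 0.56, 0), flow(22, 18.0, 70, 0.51, 0),
    flow(33, 90.0, 200, 0.485, 0), flow(38, 22.0, 78, 0.53, 0),
]
# Constructed held-out flows, including a throttled attack with larger packets
# (the tree will miss it) and a short mistyped manual login (it will be flagged).
TEST = [
    flow(28, 1.8, 70, 0.50, 1), flow(24, 40.0, 66, 0.49, 1), flow(30, 35.0, 74, 0.50, 1),
    flow(40, 3.0, 78, 0.49, 1), flow(150, 120.0, 190, 0.45, 0), flow(20, 15.0, 72, 0.50, 0),
    flow(16, 2.5, 90, 0.55, 0), flow(60, 30.0, 140, 0.42, 0),
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def best_threshold(rows, feat):
    """Best binary split 'feat <= t' by C4.5 gain ratio; (0.0, None) if none."""
    parent = entropy([y for _, y in rows])
    values = sorted({x[feat] for x, _ in rows})
    best = (0.0, None)
    for lo, hi in zip(values, values[1:]):
        t = (lo + hi) / 2                      # candidate cut between adjacent values
        left = [y for x, y in rows if x[feat] <= t]
        right = [y for x, y in rows if x[feat] > t]
        wl, wr = len(left) / len(rows), len(right) / len(rows)
        gain = parent - wl * entropy(left) - wr * entropy(right)
        split_info = -wl * math.log2(wl) - wr * math.log2(wr)  # penalises lopsided splits
        if gain / split_info > best[0]:
            best = (gain / split_info, t)
    return best

def rank_features(rows, feats):
    """The paper's selection step: order candidates by root-node gain ratio."""
    return sorted(((f, best_threshold(rows, f)[0]) for f in feats), key=lambda fs: fs[1], reverse=True)

@dataclass
class Node:
    label: Optional[int] = None        # leaves only
    feat: Optional[str] = None
    threshold: Optional[float] = None
    left: Optional["Node"] = None      # rows with feat <= threshold
    right: Optional["Node"] = None

def build_tree(rows, feats, depth=0, max_depth=4):
    """C4.5-style induction; pruning and the average-gain check are omitted."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth == max_depth:
        return Node(label=majority)
    feat, (_, t) = max(((f, best_threshold(rows, f)) for f in feats), key=lambda ft: ft[1][0])
    if t is None:                          # no feature separates anything here
        return Node(label=majority)
    left = [r for r in rows if r[0][feat] <= t]
    right = [r for r in rows if r[0][feat] > t]
    return Node(feat=feat, threshold=t, left=build_tree(left, feats, depth + 1, max_depth),
                right=build_tree(right, feats, depth + 1, max_depth))

def predict(node, x):
    while node.label is None:
        node = node.left if x[node.feat] <= node.threshold else node.right
    return node.label

def rate(num, den):
    return num / den if den else 0.0

def evaluate(tree, rows):
    """Precision, FNR and FPR (named in the abstract) plus recall and accuracy,
    assumed here to be the paper's two remaining metrics."""
    c = Counter((y, predict(tree, x)) for x, y in rows)   # keys: (actual, predicted)
    tp, fn, fp, tn = c[(1, 1)], c[(1, 0)], c[(0, 1)], c[(0, 0)]
    return {"precision": rate(tp, tp + fp), "recall": rate(tp, tp + fn),
            "false_negative_rate": rate(fn, tp + fn), "false_positive_rate": rate(fp, fp + tn),
            "accuracy": rate(tp + tn, len(rows))}

def run(top_k=3):
    """Rank features, keep the top k (the paper keeps 4 of 10), train, score."""
    ranking = rank_features(TRAIN, FEATURES)
    tree = build_tree(TRAIN, [f for f, _ in ranking[:top_k]])
    return ranking, tree, evaluate(tree, TEST)

if __name__ == "__main__":
    ranking, tree, metrics = run()
    print("gain ratio ranking:", ranking)
    print(f"root split: {tree.feat} <= {tree.threshold}")
    print("held-out metrics:", metrics)
```

On the constructed data the root split lands on duration_s and the throttled attack is only caught by the mean_pkt_len split underneath it; the held-out throttled attack with larger packets becomes the false negative and the short mistyped login the false positive, which is the trade-off the abstract's false negative rate and false alarm rate are measuring.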


Last Update: 2019-06-10