[1]马甜甜,洪 征,陈 乾.基于改进 AE-CM 模型的未知应用层协议识别[J].计算机技术与发展,2024,34(03):118-124.[doi:10. 3969 / j. issn. 1673-629X. 2024. 03. 018]
 MA Tian-tian,HONG Zheng,CHEN Qian.Unknown Application Layer Protocol Recognition Method Based on Improved AE-CM[J].,2024,34(03):118-124.[doi:10. 3969 / j. issn. 1673-629X. 2024. 03. 018]
点击复制

基于改进 AE-CM 模型的未知应用层协议识别()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
34
期数:
2024年03期
页码:
118-124
栏目:
网络空间安全
出版日期:
2024-03-10

文章信息/Info

Title:
Unknown Application Layer Protocol Recognition Method Based on Improved AE-CM
文章编号:
1673-629X(2024)03-0118-07
作者:
马甜甜洪 征陈 乾
陆军工程大学 指挥控制工程学院,江苏 南京 210014
Author(s):
MA Tian-tianHONG ZhengCHEN Qian
School of Command and Control Engineering,Army Engineering University of PLA,Nanjing 210014,China
关键词:
网络流量未知协议识别深度自编码器高斯混合聚类嵌入层邻居特征加权
Keywords:
network trafficunknown protocol recognitiondeep autoencoderGMM clusteringembeddingneighbor feature weighting
分类号:
TP393
DOI:
10. 3969 / j. issn. 1673-629X. 2024. 03. 018
摘要:
现有的未知协议识别方法存在提取的特征不够充分、聚类分配不准确等问题,影响了协议识别结果的准确性。 AE-CM( deep autoencoder with embedding clustering module)解决了当前深度聚类模型异步优化的问题,提高了聚类分配的精度。 该文提出的 DAEC-NM 协议识别模型以 AE-CM 为基础,通过加入高维卷积、时序卷积网络以及调整多层感知机结构的方法,改进了 AE-CM 的特征提取部分。 为了更全面地获取协议信息,DAEC-NM 通过邻居分支采集邻居样本,并分析邻居样本间的局部关联特征,从而增强原样本特征中重要特征对聚类分配的指导能力。 最后,采用了注意力机制来分析特征的重要性,以此为聚类模块设置有效的初始权重,解决了聚类模块在模型更新过程中权重特征更新较慢的问题。 实验结果表明,DAEC-NM 能够有效提高未知协议识别的准确性。
Abstract:
Existing unknown protocol recognition methods suffer from insufficient feature extraction ability and inaccurate clustering assignments,which affect the accuracy of recognition results. AE-CM( deep autoencoder with embedding clustering module) addresses theissue of asynchronous optimization in deep clustering models and improves the accuracy?
of clustering assignments. The proposed DAEC-NM is based on the AE-CM. The feature extraction part of the AE-CM is improved by introducing high-dimensional convolution, temporal convolution network, and adjusting the structure of multi - layer perceptron. To obtain more comprehensive protocolinformation,DAEC-NM collects neighbor samples through the neighbor model and analyzes the local correlation features to ensure theaccuracy of clustering results. Finally, we use an attention mechanism to capture the importance of features, and set effective initialweights for the clustering module to resolve the slow update problem in the clustering module. Experimental results show the DAEC-NMcan effectively improve the accuracy of unknown protocol recognition.

相似文献/References:

[1]储久良 吴许俊 张晓群 宦臣.基于Cacti的校园网络气象图技术的研究与实现[J].计算机技术与发展,2010,(04):199.
 CHU Jiu-liang,WU Xu-jun,ZHANG Xiao-qun,et al.Research and Realization of Campus Network Weathermap Technology Based on Cacti[J].,2010,(03):199.
[2]王琴 谭敏生.基于NetFlow的衡阳联通互联网流量的测量研究[J].计算机技术与发展,2009,(05):122.
 WANG Qin,TAN Min-sheng.Research on Network Traffic Measurement of Hengyang Unicom Based on NetFlow[J].,2009,(03):122.
[3]蒋海明 张剑英 王青青 彭娟.P2P流量检测与分析[J].计算机技术与发展,2008,(07):74.
 J IANG Hai-ming,ZHANG Jian-ying,WANG Qing-qing,et al.Identification and Analysis of P2P Traffic[J].,2008,(03):74.
[4]刘悦 郭拯危.基于小波支持向量机的P2P网络流量识别算法[J].计算机技术与发展,2010,(10):107.
 LIU Yue,GUO Zheng-wei.Algorithm for P2P Network Traffic Identification Based on Wavelet SVM[J].,2010,(03):107.
[5]姜巍 秦雅娟 刘颖.基于IPFIX的用户网络行为分析系统模型研究[J].计算机技术与发展,2011,(09):233.
 JIANG Wei,QIN Ya-juan,LIU Ying.Research on IPFIX-Based System Model of Users' Network Behaviors Analysis[J].,2011,(03):233.
[6]吴烨虹 张少娴.网络分析仪在网络流量监测中的应用[J].计算机技术与发展,2012,(08):237.
 WU Ye-hong,ZHANG Shao-xian.Application of Network Analyzer in Network Traffic Monitor[J].,2012,(03):237.
[7]赵伟.一种改进的网络流量预测模型研究[J].计算机技术与发展,2013,(04):20.
 ZHAO Wei.Research on an Improved Prediction Model of Network Traffic[J].,2013,(03):20.
[8]盖 璇.基于云计算和分布式技术的流量分析模型[J].计算机技术与发展,2022,32(S2):114.[doi:10. 3969 / j. issn. 1673-629X. 2022. S2. 020]
 GAI Xuan.Traffic Analysis Model Based on Cloud Computing and Distributed Technology[J].,2022,32(03):114.[doi:10. 3969 / j. issn. 1673-629X. 2022. S2. 020]

更新日期/Last Update: 2024-03-10