IP Address Detection of Regional Internet Attack Sources Based on Traffic Characteristics
2023,31(10):285-290
Abstract: When a regional Internet is attacked, its traffic changes noticeably. A method for detecting the IP addresses of regional Internet attack sources based on traffic characteristics is therefore proposed. NetFlow is used to collect the IP data flows forwarded at high speed by users, yielding the network traffic data. Abrupt-change data in the network traffic are removed. Traffic features of the Internet are extracted using the minimum redundancy, maximum relevance criterion to improve the detection accuracy of attack source IP addresses. With the information entropy of the traffic features as input, an extreme learning machine is combined with the k-means algorithm to detect attack traffic and determine the attack source IP addresses. Test results show that, with this method applied, the attack source IP address detection quality index is above 0.9, indicating that the method has higher detection accuracy and better detection quality.
Key words: Traffic characteristics; Regional Internet; Attack source; IP address detection; Information entropy
Received: 2023-06-09
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program)
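
The entropy-then-cluster step summarized in the abstract, sketched as an added example that is not the paper's code. Assumptions: flow records are reduced to (window, source IP, destination port) tuples, plain k-means with k=2 stands in for the paper's extreme learning machine and k-means combination, the minority cluster is treated as the attack windows, and the sample flows are constructed.

```python
import math
from collections import Counter, defaultdict

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def window_features(flows):
    """Map window id -> (H(src_ip), H(dst_port)) over that window's flows."""
    by_win = defaultdict(list)
    for win, src, dport in flows:
        by_win[win].append((src, dport))
    return {w: (entropy(s for s, _ in recs), entropy(p for _, p in recs))
            for w, recs in sorted(by_win.items())}

def kmeans2(points, iters=20):
    """Plain k-means with k=2, seeded deterministically with the two extreme points."""
    cents = [min(points, key=sum), max(points, key=sum)]
    for _ in range(iters):
        labels = [min((0, 1), key=lambda k: math.dist(p, cents[k])) for p in points]
        for k in (0, 1):
            members = [p for p, lab in zip(points, labels) if lab == k]
            if members:
                cents[k] = tuple(sum(x) / len(members) for x in zip(*members))
    return labels

def suspect_sources(flows):
    """Return {window: dominant source IP} for windows in the minority cluster."""
    feats = window_features(flows)
    labels = kmeans2(list(feats.values()))
    minority = min((0, 1), key=labels.count)  # assumption: attack windows are rare
    result = {}
    for win, lab in zip(feats, labels):
        if lab == minority:
            srcs = Counter(s for w, s, _ in flows if w == win)
            result[win] = srcs.most_common(1)[0][0]
    return result

# Constructed sample: six windows of ordinary traffic (documentation address ranges);
# window 3 additionally carries a burst from one source to 40 distinct ports.
FLOWS = [(w, f"198.51.100.{h}", port)
         for w in range(6) for h in range(1, 5) for port in (80, 443)]
FLOWS += [(3, "203.0.113.9", 1000 + i) for i in range(40)]

if __name__ == "__main__":
    print(window_features(FLOWS))
    print(suspect_sources(FLOWS))
```

In the burst window the source-address entropy falls while the destination-port entropy rises, which is what separates it from the other windows before the dominant source is read off.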
