Abstract: The measurement and control network of a launch vehicle is an important national defense information infrastructure for remote measurements and launch control. Accurate analysis of the traffic on this network is a key measure for detecting abnormal behavior and ensuring information security. This paper describes a traffic identification strategy that combines port mapping, payload matching, and a support vector machine (SVM) learning algorithm. The training samples are produced by the port mapping and payload matching methods. The key features are then selected based on information gain. Next, the SVM model is built with these features and trained on the training samples. The traffic data is then analyzed by a voting mechanism. Actual data from the network is used to verify the method; the results show an accuracy of 99.1% with far fewer manual analyses.
XU Hongping, LIU Yang, YI Hang, YAN Xiaotao, KANG Jian, ZHANG Wenjin. Abnormal traffic flow identification for a measurement and control network for launch vehicles [J]. Journal of Tsinghua University (Science and Technology), 2018, 58(1): 20-26,34.
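The first two steps named in the abstract (labelling training samples by port mapping with payload matching as the fallback, then ranking features by information gain) can be sketched as follows. This is an added example, not code from the paper: the port numbers, payload signatures, feature names and flows are all constructed, and the SVM training and voting steps are left out.

```python
import math
from collections import Counter

# Constructed lookup tables (assumptions): port -> label, payload prefix -> label.
PORT_MAP = {5001: "telemetry", 5002: "command"}
PAYLOAD_SIGS = {b"\xeb\x90": "telemetry", b"CMD": "command"}

# Constructed flows with already-discretised features "len", "iat", "proto".
FLOWS = [dict(zip(("dport", "payload", "len", "iat", "proto"), r)) for r in [
    (5001, b"\xeb\x90\x01", "large", "fast", "udp"),
    (5001, b"\xeb\x90\x02", "large", "fast", "udp"),
    (40000, b"\xeb\x90\x03", "large", "fast", "udp"),  # unknown port, payload match
    (5002, b"CMD\x01", "small", "fast", "udp"),
    (5002, b"CMD\x02", "small", "slow", "udp"),
    (40001, b"CMD\x03", "small", "slow", "udp"),       # unknown port, payload match
    (40002, b"\x00\x00", "small", "slow", "udp"),      # no match: manual analysis
]]

def label_flow(flow):
    """Port mapping first, payload matching as fallback; None means unlabelled."""
    label = PORT_MAP.get(flow["dport"])
    if label is None:
        for sig, app in PAYLOAD_SIGS.items():
            if flow["payload"].startswith(sig):
                return app
    return label

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(samples, feature):
    """IG = H(Y) - sum_v P(X=v) * H(Y | X=v) for one discrete feature."""
    groups = {}
    for x, y in samples:
        groups.setdefault(x[feature], []).append(y)
    cond = sum(len(g) / len(samples) * entropy(g) for g in groups.values())
    return entropy([y for _, y in samples]) - cond

def rank_features(flows, features):
    """Return ([(feature, gain), ...] sorted by gain, number of labelled flows)."""
    samples = [(f, label_flow(f)) for f in flows]
    samples = [(f, y) for f, y in samples if y is not None]  # drop unlabelled
    gains = {k: information_gain(samples, k) for k in features}
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True), len(samples)

if __name__ == "__main__":
    ranked, labelled = rank_features(FLOWS, ["proto", "iat", "len"])
    print(labelled, "labelled flows;", ranked)
```

A feature with zero gain, such as the constant `proto` here, carries no information about the label and would be dropped before the model is trained.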