Abnormal traffic flow identification for a measurement and control network for launch vehicles

doi:10.16511/j.cnki.qhdxxb.2018.22.004

Abstract
Figures/Tables
References
Related Articles
Metrics

Download: PDF(2971 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract The measurement and control network of a launch vehicle is an important national defense information infrastructure for remote measurements and launch control. This network provides a key measure to detect abnormal behavior and ensure information security through accurate analysis of the traffic. This paper describes a network strategy using the port mapping method, payload matching, and support vector machine (SVM) learning algorithm. The training samples are produced by the port mapping and payload matching method. Then, the key features are selected based on the information gain. Next, the SVM model is built with these features and trained by the training samples. The traffic data is then analyzed by the voting mechanism. Actual data from the network is used to verify the method with the results showing that this method has an accuracy of 99.1% with far fewer manual analyses.

Keywords measurement and control network of launch vehicle port mapping payload matching dynamic strategy support vector machine (SVM) learning

ZTFLH:

TP393.0

Issue Date: 15 January 2018

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	XU Hongping
	LIU Yang
	YI Hang
	YAN Xiaotao
	KANG Jian
	ZHANG Wenjin

Cite this article:

XU Hongping,LIU Yang,YI Hang, et al. Abnormal traffic flow identification for a measurement and control network for launch vehicles[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(1): 20-26,34.

URL:

http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.22.004 OR http://jst.tsinghuajournals.com/EN/Y2018/V58/I1/20

[1]	LANG T, BRANCH P, ARMITAGE G. A synthetic traffic model for Quake3[C]//2004 ACM SIGCHI International Conference on Advances in Computer Entertainment Technology. Singapore:ACM, 2004:233-238.
[2]	陈亮, 龚俭, 徐选. 基于特征串的应用层协议识别[J]. 计算机工程与应用, 2006, 42(24):16-19. CHEN L, GONG J, XU X. Identification of application level protocols using characteristic[J]. Computer Engineering and Applications, 2006, 42(24):16-19. (in Chinese)
[3]	LIN Y D, LU C N, LAI Y C, et al. Application classification using packet size distribution and port association[J]. Journal of Network and Computer Applications, 2009, 32(5):1024-1030.
[4]	MOORE A W, PAPAGIANNAKI K. Toward the accurate identification of network applications[C]//6th International Conference on Passive and Active Network Measurement. Boston, MA, USA:Springer, 2013:41-54.
[5]	YU J, LEE H, IM Y, et al. Real-time classification of Internet application traffic using a hierarchical multi-class SVM[J]. KSⅡ Transactions on Internet and Information Systems, 2010, 4(5):859-876.
[6]	ZHANG J, XIANG Y, WANG Y. Network traffic classification using correlation information[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 24(1):104-117.
[7]	SHAFIQ M, YU X Z, LAGHARI A, et al. Network traffic classification techniques and comparative analysis using machine learning algorithms[C]//20162nd IEEE International Conference on Computer and Communications. Chengdu, 2016:2451-2455.
[8]	IBRAHIM H A H, ZUOBI O R A A, AL-NAMARI M A, et al. Internet traffic classification using machine learning approach:Datasets validation issues[C]//2016 Conference of Basic Sciences and Engineering Studies. Khartoum, Sudan, 2016:158-166.
[9]	DEVI S R, YOGESH P. A hybrid approach to counter application layer DDoS attacks[J]. International Journal on Cryptography and Information Security, 2012, 2(2):45-52.
[10]	高赟, 周薇, 韩翼中, 等. 一种基于文法压缩的日志异常检测算法[J]. 计算机学报, 2014, 37(1):73-86.GAO Y, ZHOU W, HAN J Z, et al. An online log anomaly detection method based on grammar compression[J]. Chinese Journal of Computers, 2014, 37(1):73-86. (in Chinese)
[11]	WANG C Z, ZHANG H L, YE Z W. A peer to peer traffic identification method based on support vector machine and artificial bee colony algorithm[C]//2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems:Technology and Applications. Warsaw, Poland, 2015:982-986.
[12]	WANG Y, CHEN C, XIANG Y. Unknown pattern extraction for statistical network protocol identification[C]//2015 IEEE 40th Conference on Local Computer Networks. Clearwater Beach, USA, 2015:506-509.
[13]	CHEN T, LIAO X. An optimized solution of application layer protocol identification based on regular s[C]//201618th Asia-Pacific Network Operations and Management Symposium. Kanazawa, Japan, 2016:1-4.
[14]	HE H M, TIWARI A, MEHNEN J. Incremental information gain analysis of input attribute impact on RBF-kernel SVM spam detection[C]//2016 IEEE Congress on Evolutionary Computation. Vancouver, Canada, 2016:1022-1029.

[1]	XIA Zhuoqun, LI Wenhuan, JIANG Lalin, XU Ming. Path analysis attack prediction method for electric power CPS[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 157-163.
[2]	ZHAO Jun, BAO Congxiao, LI Xing. OpenFlow based software overlay router[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 164-169.
[3]	ZHANG Ting, WANG Yi, YANG Tong, LU Jianyuan, LIU Bin. Design and implementation of an evaluation platform for NDN name lookup algorithms[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(1): 1-7.
[4]	GAO Yang, MA Yangyang, ZHANG Liang, WANG Meilin, WANG Weiping. Synchronization control of cyber physical systems during malicious stochastic attacks[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(1): 14-19.
[5]	JIANG Zhuo, WU Qian, LI Hewu, WU Jianping. Link on-off prediction based multipath transfer optimization for aircraft[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(12): 1239-1244.
[6]	ZHANG Yu, PAN Xiaoming, LIU Qingzhong, CAO Junkuo, LUO Ziqiang. APT attacks and defenses[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(11): 1127-1133.
[7]	HAN Xinhui, WEI Shuang, YE Jiayi, ZHANG Chao, YE Zhiyuan. Detect use-after-free vulnerabilities in binaries[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(10): 1022-1029.
[8]	CAO Laicheng, HE Wenwen, LIU Yufei, GUO Xian, FENG Tao. Cooperative dynamic data possession scheme across a cloud storage environment[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(10): 1048-1055.
[9]	LIU Wu, WANG Yongke, SUN Donghong, REN Ping, LIU Ke. Login authentication vulnerability mining and improved login authentication method based on an open source intelligent terminal[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 897-902.
[10]	MA Rui, ZHU Tianbao, MA Ke, HU Changzhen, ZHAO Xiaolin. Single-witness-based distributed detection for node replication attack[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 909-913,920.
[11]	YAN Jianen, ZHANG Zhaoxin, XU Haiyan, ZHANG Hongli. Detection of IRC Botnet C&C channels using the instruction syntax[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(9): 914-920.
[12]	CHEN Yu, WANG Na, WANG Jindong. An n-fold reduction of linguistic variables based on the triangular fuzzy numbers[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(8): 892-896.
[13]	LI Yu, ZHAO Yong, GUO Xiaodong, LIU Guole. An assurance model for accesscontrol on cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(4): 432-436.
[14]	XU Mingwei, XIA Anqing, YANG Yuan, WANG Yuliang, SANG Meng. Intra-domain routing protocol OSPF+ for integrated terrestrial and space networks[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(1): 12-17.
[15]	WANG Weiping, BAI Junyang, ZHANG Yuchan, WANG Jianxin. Dynamic taint tracking in JavaScript using revised code[J]. Journal of Tsinghua University(Science and Technology), 2016, 56(9): 956-962,968.

Viewed

Full text

Abstract

Cited

Shared

Discussed