Computer Science and Technology

Abnormal traffic flow identification for a measurement and control network for launch vehicles

  • XU Hongping,
  • LIU Yang,
  • YI Hang,
  • YAN Xiaotao,
  • KANG Jian,
  • ZHANG Wenjin
  • 1. Beijing Institute of Astronautical System Engineering, Beijing 100076, China;
    2. PLA 96616 Force, Beijing 100085, China

Received date: 2017-08-07

Online published: 2018-01-15

Cite this article

XU Hongping, LIU Yang, YI Hang, YAN Xiaotao, KANG Jian, ZHANG Wenjin. Abnormal traffic flow identification for a measurement and control network for launch vehicles[J]. Journal of Tsinghua University (Science and Technology), 2018, 58(1): 20-26, 34. DOI: 10.16511/j.cnki.qhdxxb.2018.22.004

Abstract

The measurement and control network of a launch vehicle is an important national defense information infrastructure that supports remote test and launch control of the vehicle's systems. Accurate analysis of the network's traffic data is a key measure for detecting abnormal behavior and ensuring information security. This paper combines port mapping identification, payload signature identification, statistical analysis, and a support vector machine (SVM) learning algorithm into a dynamic hybrid identification strategy. Port mapping and payload signature identification produce the training samples for machine learning; information gain is used for feature selection; an SVM identification model is built and trained on those samples; and a voting mechanism combines the results into an overall analysis of the traffic data. Tests on real data from the network show that the algorithm reaches an identification accuracy of 99.1% and effectively reduces the number of manual analyses.
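The pipeline in the abstract, sketched as an added example that is not the paper's code: flows on which port mapping and payload matching agree become training samples, information gain ranks candidate features, and a vote across the three identifiers decides the label. The SVM itself is left out (its verdict is passed in as `ml_label`); the ports, payload prefixes, feature names, and the two-of-three voting rule are all assumptions.

```python
import math
from collections import Counter

# Constructed sample flows (not data from the paper). Ports, payload prefixes
# and feature names are assumptions chosen for illustration only.
PORT_MAP = {5001: "telemetry", 5002: "command"}
SIGNATURES = {b"\xAA\x55": "telemetry", b"CMD": "command"}
FLOWS = [
    {"port": 5001, "payload": b"\xAA\x55\x01", "pkt_len": "small", "interval": "regular"},
    {"port": 5001, "payload": b"\xAA\x55\x02", "pkt_len": "small", "interval": "bursty"},
    {"port": 5002, "payload": b"CMD:01", "pkt_len": "large", "interval": "regular"},
    {"port": 5002, "payload": b"CMD:02", "pkt_len": "large", "interval": "bursty"},
    {"port": 5001, "payload": b"CMD:03", "pkt_len": "large", "interval": "bursty"},
]

def by_port(flow):
    return PORT_MAP.get(flow["port"])

def by_payload(flow):
    for prefix, label in SIGNATURES.items():
        if flow["payload"].startswith(prefix):
            return label
    return None

def training_samples(flows):
    """Keep only flows where port mapping and payload matching agree."""
    return [(f, by_port(f)) for f in flows
            if by_port(f) is not None and by_port(f) == by_payload(f)]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(samples, feature):
    """IG(label; feature) = H(label) - sum_v p(v) * H(label | feature = v)."""
    labels = [lab for _, lab in samples]
    gain = entropy(labels)
    for value in {f[feature] for f, _ in samples}:
        subset = [lab for f, lab in samples if f[feature] == value]
        gain -= len(subset) / len(labels) * entropy(subset)
    return gain

def vote(flow, ml_label):
    """Two of three identifiers must agree; otherwise send to manual review."""
    votes = Counter(v for v in (by_port(flow), by_payload(flow), ml_label) if v)
    label, count = votes.most_common(1)[0] if votes else (None, 0)
    return label if count >= 2 else "manual-review"
```

The fifth constructed flow carries a command-style payload on the telemetry port, so it is excluded from training and only receives a label when the learned model breaks the tie.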
