Netinfo Security ›› 2018, Vol. 18 ›› Issue (3): 1-7. doi: 10.3969/j.issn.1671-1122.2018.03.001


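Research on an Anomalous Behavior Classification Algorithm for Internal Network Users Based on a Cloud Computing Intrusion Detection Data Set

Hongsong CHEN1, Gang WANG2, Jianlin SONG3

  1. School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China
    2. Railway Police College, Zhengzhou Henan 450053, China
    3. Zhengzhou Railway Public Security Bureau, Zhengzhou Henan 450052, China
  • Received: 2017-12-04 Online: 2018-03-15 Published: 2020-05-11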
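  • About the authors:

    Hongsong CHEN (born 1977), male, from Shandong, associate professor, Ph.D.; main research interests: network and information security, trusted computing, cloud security, Internet of Things security, big data security analysis, etc. Gang WANG (born 1958), male, from Henan, professor, bachelor's degree; main research interests: network information security, cybercrime and information forensics, etc. Jianlin SONG (born 1967), male, from Henan, senior engineer, master's degree; main research interests: cloud-computing-based analysis and assessment of railway public security information, etc.

  • Funding:
    National Basic Research Program of China (973 Program) [2013CB329605]; Fundamental Research Funds for the Central Universities [FRF-GF-17-B27]; Major Research Project of the Ministry of Public Security [201202ZDYJ017]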

Research on Anomaly Behavior Classification Algorithm of Internal Network User Based on Cloud Computing Intrusion Detection Data Set

Hongsong CHEN1, Gang WANG2, Jianlin SONG3

  1. School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China
    2. Railway Police College, Zhengzhou Henan 450053, China
    3. Zhengzhou Railway Police Security Bureau, Zhengzhou Henan 450052, China
  • Received: 2017-12-04 Online: 2018-03-15 Published: 2020-05-11

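Abstract (translated from the Chinese):

To address the difficulty of performing intrusion detection and analyzing abnormal user behavior in a cloud computing internal network environment, this paper uses the typical classification algorithms bundled with the Weka machine learning software tool to carry out classification research on a cloud computing intrusion detection data set, and implements, using software engineering methods, a naive Bayes algorithm for classifying the abnormal behavior of internal network users. Experimental results on classifying malicious and normal behavior show that the naive Bayes algorithm implemented in the paper has relatively high classification accuracy and can effectively classify, analyze and mine internal network user behavior in the cloud computing intrusion detection data set, demonstrating the effectiveness of the proposed scheme and algorithm.

Keywords (translated from the Chinese): cloud computing, user behavior, intrusion detection, machine learning, classification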

Abstract:

To address the difficulty of implementing intrusion detection and analyzing abnormal behavior in a cloud computing internal network environment, this paper conducts classification research on the cloud intrusion detection datasets (CIDD) using Weka machine learning classification algorithms, and implements a naive Bayesian algorithm for classifying the abnormal behavior of internal network users through software engineering methods. Experimental results on the classification of malicious behavior and normal behavior show that the naive Bayesian algorithm implemented in the paper achieves relatively high classification accuracy. The algorithm can effectively classify and analyze the internal network user behaviors in CIDD, which demonstrates the effectiveness of the proposed scheme and algorithm.

Key words: cloud computing, user behavior, intrusion detection, machine learning, classification

CLC number: