Netinfo Security ›› 2021, Vol. 21 ›› Issue (8): 1-9. doi: 10.3969/j.issn.1671-1122.2021.08.001

Design and Implementation of an Abnormal IP Identification System Based on Traffic Feature Classification

WEN Weiping, HU Yezhou, ZHAO Guoliang, CHEN Xiarun

  1. School of Software and Microelectronics, Peking University, Beijing 100080, China
  • Received: 2021-04-12 Online: 2021-08-10 Published: 2021-09-01
  • Contact: WEN Weiping, E-mail: weipingwen@ss.pku.edu.cn

Abstract:

Anomalous IP identification is an important way to track malicious hosts and one of the hot spots in network security research. Current applications of machine learning to anomalous IP identification mostly rely on overall network traffic; they fail when only a single server's traffic is available and face the high cost of labeled data. To address these problems, the paper applies a clustering algorithm and a genetic algorithm to the identification and classification of end-to-end abnormal IP hosts. It uses the multidimensional features of network traffic and the IP address feature data detectable on a single host, combines unsupervised learning and semi-supervised learning to identify and detect end-to-end abnormal IPs, and implements the method as an abnormal IP identification system. In the experiment, the system identifies 9 different types of malicious IP in the UNSW-NB15 dataset, with recognition accuracy of up to 98.84%. The proposed method is very effective for malicious IP classification, can identify unknown types of malicious IP, has wide applicability and robustness, and has been applied in the traffic identification system of a national network security center.

Key words: malicious hosts, classification algorithm, host identification, weight vector
