Optimization of malicious cluster detection based on IP blacklist association clustering algorithm

CLC number:

TN929.5

Fund project:

National Natural Science Foundation of China project

Abstract:

Complex malicious activities on the Internet are carried out jointly by clusters of IP addresses, so finding malicious IP clusters by processing data collected in the network has become an important research direction. This paper proposes an IP blacklist association clustering algorithm (IPBACA). First, it constructs an IPIP undirected graph. Then, it uses a statistical correlation measure to measure the correlation between the IP blacklist and IPs, uses the given IP blacklist to find the optimal threshold that yields the IP clusters, and checks whether their standardized residuals meet the standard. Finally, it identifies malicious clusters with high precision. Simulation results show that, compared with the ICAMO, CAIIB and DABR algorithms, the proposed IPBACA algorithm clearly improves on four main performance metrics (precision, recall, F1 and normalized mutual information) and significantly improves the ability to detect malicious clusters.

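Cite this article

Citation format: Liu Yun (刘云), Xiao Tian (肖添). Optimization of malicious cluster detection based on IP blacklist association clustering algorithm[J]. Journal of Sichuan University (Natural Science Edition), 2021, 58: 013003.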

History
  • Received: 2019-09-16
  • Last revised: 2020-05-20
  • Accepted: 2020-05-21
  • Published online: 2021-01-20