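Abstract
Large-scale anomalous network group events today are often a fusion of multiple complex security events, and these security events conceal social interests and connections among them, exhibiting typical group and control characteristics. Perceiving and responding to malicious network group events is one of the important tasks of network security management. Neither traditional anomaly detection mechanisms nor methods for discovering group anomalous behavior based on the bipartite graph model analyze in depth the latent social relationships of these malicious network behaviors, and they do not consider the influence of the interaction process on the relationships between nodes. On this basis, this paper proposes a trust-based model for discovering anomalous network group behavior. The model first uses network interaction topology information to build a trust matrix between network nodes; it then combines direct trust and relevant trust to compute the similarity between network nodes and, by relaxing the constraints in the spectral clustering algorithm, strengthens the automatic identification of the number of clusters and improves node clustering accuracy. Experiments show that the model can effectively perceive the anomalous behavior of distributed denial-of-service attacks, worms and botnets in the network, has a high recognition rate for security event behavior during the latent period, and is more accurate than the bipartite-graph-based behavior classification model.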
Current large-scale network anomaly events consist of several complex security events that imply inherent social relations, such as grouping and controllability. Perceiving and responding to malicious network incidents is an important task of network security management. Previous network monitoring and detection mechanisms neglect the potential social relations in these malicious network behaviors. However, network behavior is in essence a mapping of social behavior. This paper proposes a novel trust-based network group behavior model by exploring behavior similarity. The model establishes trust relationships between network nodes using the network communication topology. We then use the concept of relevant trust to increase the trust value between two weakly correlated nodes. Based on the network trust matrix, we modify the spectral clustering algorithm to analyze the evolution of anomalous network group behaviors. Finally, the experimental results show that our model can detect anomalous behaviors such as denial-of-service attacks, worm propagation and botnets. Moreover, the classification accuracy of our model is better than that of the bipartite graph.
Source
Chinese Journal of Computers (《计算机学报》)
EI
CSCD
Peking University Core Journal (北大核心)
2014, Issue 1, pp. 1-14 (14 pages)
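Funding
National "863" High Technology Research and Development Program of China (2011AA010705)
National "973" Key Basic Research Development Program of China (2011CB302605)
National Natural Science Foundation of China (61173145, 60203021)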
Keywords
network behavior
behavior clustering
network trust
trust computing