摘要
为了应对应用层CC攻击隐蔽性强、检测难度大的问题,本文提出了一种基于集成One-Class SVM模型的CC攻击检测方法。首先,从实际Web访问日志中提取多维特征,构建训练数据集,并采用特征子空间扰动、样本空间扰动及参数扰动等策略,提升子模型的多样性和整体鲁棒性。随后,通过集成多个One-Class SVM子模型,形成综合判别机制,以提高检测准确率与降低误报率。实验结果表明,集成One-Class SVM模型在准确率、精确率、召回率、假正率及AUC等指标上均优于单一模型及传统方法,其中AUC值达到0.935。进一步通过消融实验验证了各模块对整体性能的贡献,充分证明了所提方法在应用层CC攻击检测中的有效性和实用性。
In order to address the issues of strong concealment and difficult detection of CC attacks at the application layer,this paper proposes a CC attack detection method based on an integrated One Class SVM model.Firstly,multidimensional features are extracted from actual web access logs,a training dataset is constructed,and strategies such as feature subspace perturbation,sample space perturbation,and parameter perturbation are adopted to enhance the diversity and overall robustness of the sub models.Subsequently,by integrating multiple One Class SVM sub models,a comprehensive discrimination mechanism was formed to improve detection accuracy and reduce false alarm rates.The experimental results show that the integrated One Class SVM model is superior to the single model and traditional methods in accuracy,accuracy,recall,false positive rate and AUC,among which the AUC value reaches 0.935.Furthermore,the contribution of each module to the overall performance was verified through ablation experiments,fully demonstrating the effectiveness and practicality of the proposed method in detecting CC attacks at the application layer.
出处
《现代传输》
2026年第1期51-56,共6页
Modern Transmission
