Computer Engineering ›› 2019, Vol. 45 ›› Issue (10): 122-129. doi: 10.19678/j.issn.1000-3428.0052713

• Security Technology •

  • Author biographies: DAI Xianbo (1994-), male, master's student, main research direction: network and information security; WANG Na, associate professor, PhD; LIU Ying, associate professor.
  • Funding:
    National Key R&D Program of China (2018YFB0803603); National Natural Science Foundation of China (61802436, 61502531); Natural Science Foundation of Henan Province (162300410334).

BGP Anomaly Detection Method Based on Improved Gauss Kernel Function

DAI Xianbo1,2, WANG Na1,2, LIU Ying1,2   

  1. College of Cipher Engineering, Information Engineering University, Zhengzhou 450001, China;
  2. Henan Key Laboratory of Information Security, Zhengzhou 450001, China
  • Received: 2018-09-20 Revised: 2018-10-31 Online: 2019-10-15 Published: 2018-11-09

Abstract: By abstracting the Border Gateway Protocol (BGP) update-message surge anomaly problem into a two-class problem, an Improved Gaussian Kernel Function-based BGP Anomaly Detection (IGKAD) method is proposed. The Fisher-Markov Selector (FMS) feature selection algorithm is used to select the features that simultaneously maximize the between-class distance and minimize the within-class distance, and to obtain feature weights that measure each feature's classification ability. An improved Gaussian kernel function based on the Manhattan distance and the feature weights is used to construct the Support Vector Machine (SVM) classification model, combined with a parameter optimization method based on grid search and cross-validation to improve the classification accuracy of the SVM model. By designing a feature efficiency function, a construction method for the optimal feature subset is given, and that subset is selected as the training dataset. Experimental results show that when the training set contains the TOP10 and TOP8 features, the classification accuracy of the IGKAD method is 91.65% and 90.37%, respectively, which is better than the classification performance of the machine learning-based BGP anomaly detection methods it is compared with.

Key words: Gaussian kernel function, Border Gateway Protocol (BGP), anomaly detection, Support Vector Machine (SVM), machine learning
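The abstract names three building blocks: class-separation feature weights, a Gaussian kernel over a feature-weighted Manhattan distance, and grid search with cross-validation over the kernel parameter. The following Python example, added here and not the paper's code, puts the three together on a constructed set of per-minute BGP update counts. Everything not stated in the abstract is an assumption: the FMS selector is replaced by a Fisher-criterion weight, the SVM by a kernel nearest-class-mean classifier (so the example runs with the standard library only), and the kernel is taken to be k(x, y) = exp(-gamma * sum_i w_i |x_i - y_i|); the feature names and sample values are made up for illustration.

```python
"""Weighted-Manhattan Gaussian kernel for BGP update-surge classification.

Added illustration, not the paper's code. FMS is replaced by a Fisher-criterion
weight and the SVM by a kernel nearest-class-mean classifier (both assumptions).
"""
import math
from statistics import mean, pvariance

# Constructed sample (not real BGP data): one row per minute of update traffic.
# Features: announcements, withdrawals, mean AS-path length, duplicate announcements.
# Label 1 = update-surge anomaly, 0 = normal.
SAMPLES = [
    ([120, 15, 4.1, 10], 0), ([135, 18, 4.0, 12], 0), ([110, 12, 4.2, 9], 0),
    ([128, 14, 4.1, 11], 0), ([140, 20, 3.9, 13], 0),
    ([980, 310, 4.3, 150], 1), ([1210, 420, 4.0, 190], 1), ([870, 260, 4.2, 130], 1),
    ([1050, 380, 4.1, 175], 1), ([1330, 450, 3.8, 210], 1),
]
ROWS = [x for x, _ in SAMPLES]
LABELS = [y for _, y in SAMPLES]


def minmax_scale(rows):
    """Scale each feature to [0, 1] so raw announcement counts do not swamp
    the Manhattan distance. Returns the scaled rows."""
    cols = list(zip(*rows))
    bounds = [(min(c), max(c)) for c in cols]
    return [[(v - lo) / (hi - lo) if hi > lo else 0.0
             for v, (lo, hi) in zip(row, bounds)] for row in rows]


def fisher_weights(rows, labels):
    """Per-feature weight = between-class separation / within-class spread,
    normalised to sum to 1. Stand-in for the paper's FMS weights (assumption):
    a feature that separates the two classes well gets a high weight."""
    raw = []
    for j in range(len(rows[0])):
        pos = [r[j] for r, y in zip(rows, labels) if y == 1]
        neg = [r[j] for r, y in zip(rows, labels) if y == 0]
        between = (mean(pos) - mean(neg)) ** 2
        within = pvariance(pos) + pvariance(neg)
        raw.append(between / within if within > 0 else 0.0)
    total = sum(raw)
    return [w / total for w in raw] if total > 0 else raw


def improved_gaussian_kernel(x, y, weights, gamma):
    """Gaussian kernel over a feature-weighted Manhattan (L1) distance:
    k(x, y) = exp(-gamma * sum_i w_i |x_i - y_i|). Assumed form; the paper's
    exact definition is not reproduced on this page."""
    dist = sum(w * abs(a - b) for w, a, b in zip(weights, x, y))
    return math.exp(-gamma * dist)


class KernelNearestMean:
    """Classifies by squared distance to each class mean in the kernel's
    feature space, computed with kernel values only (no explicit feature map)."""

    def __init__(self, weights, gamma):
        self.weights, self.gamma = weights, gamma
        self.classes = {}

    def _k(self, x, y):
        return improved_gaussian_kernel(x, y, self.weights, self.gamma)

    def fit(self, rows, labels):
        for cls in set(labels):
            members = [r for r, y in zip(rows, labels) if y == cls]
            # mean pairwise kernel value = squared norm of the class mean
            norm2 = sum(self._k(a, b) for a in members for b in members) / len(members) ** 2
            self.classes[cls] = (members, norm2)
        return self

    def _dist2(self, x, cls):
        members, norm2 = self.classes[cls]
        cross = sum(self._k(x, m) for m in members) / len(members)
        return self._k(x, x) - 2 * cross + norm2

    def predict(self, x):
        return min(self.classes, key=lambda cls: self._dist2(x, cls))


def loo_accuracy(rows, labels, weights, gamma):
    """Leave-one-out cross-validation accuracy for one gamma value."""
    hits = 0
    for i in range(len(rows)):
        train_rows = rows[:i] + rows[i + 1:]
        train_labels = labels[:i] + labels[i + 1:]
        model = KernelNearestMean(weights, gamma).fit(train_rows, train_labels)
        hits += model.predict(rows[i]) == labels[i]
    return hits / len(rows)


def grid_search_gamma(rows, labels, weights, grid=(0.1, 1.0, 10.0, 100.0)):
    """Pick the gamma with the best cross-validated accuracy (first on ties)."""
    return max(grid, key=lambda g: loo_accuracy(rows, labels, weights, g))


if __name__ == "__main__":
    scaled = minmax_scale(ROWS)
    w = fisher_weights(scaled, LABELS)
    print("feature weights:", [round(v, 3) for v in w])
    g = grid_search_gamma(scaled, LABELS, w)
    print("best gamma:", g, "LOO accuracy:", loo_accuracy(scaled, LABELS, w, g))
```

On this constructed data the mean AS-path length feature, which is the same in both classes, receives a weight close to zero, so it barely influences the kernel distance; the count features, which separate normal minutes from surge minutes, carry almost all of the weight. That is the effect the abstract attributes to the FMS weights inside the kernel: the distance the classifier sees is dominated by the features with real classification ability.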

CLC number: