移動(dòng)網(wǎng)絡(luò)未知訪問(wèn)源安全性遠(yuǎn)程預(yù)警方法仿真

摘" 要： 未知訪問(wèn)源以匿名方式進(jìn)行攻擊或入侵是一種具有匿名性和變化性特點(diǎn)的攻擊手段，其多樣化和復(fù)雜性使得準(zhǔn)確識(shí)別攻擊者的來(lái)源變得困難，增加了預(yù)警的難度。為此，提出一種移動(dòng)網(wǎng)絡(luò)未知訪問(wèn)源安全性遠(yuǎn)程預(yù)警方法。構(gòu)建平均功率譜密度函數(shù)，結(jié)合不同特征構(gòu)建訪問(wèn)行為特征向量，利用半監(jiān)督支持向量機(jī)識(shí)別訪問(wèn)行為，利用二階時(shí)域分布檢測(cè)方法得到特征重組后的信號(hào)；其次，引入隨機(jī)森林算法檢測(cè)惡意訪問(wèn)行為，計(jì)算具體惡意訪問(wèn)行為風(fēng)險(xiǎn)發(fā)生概率，依據(jù)風(fēng)險(xiǎn)等級(jí)實(shí)現(xiàn)未知訪問(wèn)源安全性遠(yuǎn)程預(yù)警。實(shí)驗(yàn)結(jié)果表明，所提方法的整體漏警率最高僅為2%，誤警率均在1%以下，且內(nèi)存開(kāi)銷接近內(nèi)存閾值。

關(guān)鍵詞： 移動(dòng)網(wǎng)絡(luò)； 未知訪問(wèn)源； 安全威脅識(shí)別； 遠(yuǎn)程預(yù)警； 訪問(wèn)行為檢測(cè)； 半監(jiān)督支持向量機(jī)

中圖分類號(hào)： TN926+.1?34； TP277" " " " " " " " " "文獻(xiàn)標(biāo)識(shí)碼： A" " " " " " " " " 文章編號(hào)： 1004?373X（2024）12?0069?05

Simulation of remote security warning for unknown access sources in mobile networks

SHEN Yuexin， YIN Xiaoyu， ZHANG Min， XU Jingxuan

（School of Computer Science and Engineering， Northeastern University， Shenyang 110167， China）

Abstract： Anonymous attacks or intrusions from unknown access sources are a type of attack method with characteristics of anonymity and variability. Its diversity and complexity make it difficult to accurately identify the source of the attacker， increasing the difficulty of early warning. To this end， a remote security warning for unknown access sources in mobile networks is proposed. An average power spectral density function is constructed， the access behavior feature vectors is constructed by combinign with different features， semi?supervised support vector machine is used to identify access behavior， and the second?order time?domain distribution detection method is used to obtain the signal after feature recombination. The random forest algorithm is introduced to detect malicious access behavior， calculate the probability of specific malicious access behavior risks， and implement remote security warning for unknown access sources based on risk levels. The experimental results show that the overall 1 alarm rate of the proposed method is only 2%， with 1 alarm rates below 1%， and memory overhead close to the memory threshold.

Keywords： mobile network; unknown access source; security threat identification; remote warning; access behavior detection; semi?supervised support vector machine

0" 引" 言

未知訪問(wèn)源是一種常見(jiàn)的攻擊手段，攻擊者通過(guò)匿名方式進(jìn)行攻擊，使得網(wǎng)絡(luò)安全防護(hù)變得更加困難[1]。由于移動(dòng)網(wǎng)絡(luò)承載了大量的重要信息，如個(gè)人隱私、商業(yè)機(jī)密等，面對(duì)未知訪問(wèn)源的攻擊，這些重要信息的安全性會(huì)受到威脅。因此，為了保證移動(dòng)網(wǎng)絡(luò)的安全性，維護(hù)用戶的利益，未知訪問(wèn)源安全性遠(yuǎn)程預(yù)警方法成為研究熱點(diǎn)。高兵等人采用輕量級(jí)梯度提升機(jī)作為移動(dòng)網(wǎng)絡(luò)未知訪問(wèn)源安全性檢測(cè)模型，通過(guò)麻雀搜索算法改進(jìn)粒子群優(yōu)化算法，獲取輕量級(jí)梯度提升機(jī)最優(yōu)參數(shù)，實(shí)現(xiàn)網(wǎng)絡(luò)入侵檢測(cè)[2]。……