基于特征分析的访问控制混合模型设计与实现

信息安全研究 ›› 2021, Vol. 7 ›› Issue (1): 4-14.

基于特征分析的访问控制混合模型设计与实现

胡星高¹,郑荣锋²,周安民³,刘亮⁴

1. 四川大学网络空间学院
2. 四川大学电子信息学院
3. 四川大学网络空间安全学院
4. 四川大学网络空间学院

收稿日期:2021-01-10 出版日期:2021-01-05 发布日期:2021-01-10
通讯作者: 胡星高
作者简介:胡星高硕士研究生，主要研究方向为网络恶意流量检测. 842429313@qq.com 周安民研究员，主要研究方向为安全防御与管理、移动通信安全． zhouanmin@scu.edu.cn 郑荣锋博士研究生，主要研究方向为信息系统安全． qswhs@foxmail.com 刘亮博士研究生，主要研究方向为系统安全、恶意代码分析、漏洞挖掘与利用、网络安全． Liangzhai118@163.com

Design and Implementation of Access Control Hybrid Model Based on Feature Analysis

Received:2021-01-10 Online:2021-01-05 Published:2021-01-10

摘要/Abstract

摘要： 针对网络空间中缺乏可靠来源的访问控制列表的问题，提出了基于IP特征分析的访问控制混合模型．模型共分为2层：1）通过分析大量基于流的时间特征、空间特征和速度特征，利用统计学与值域压缩方法，挖掘恶意IP的流之间和良性IP的流之间的关联信息差异，形成基于IP特征的特征空间；2）采用1）中提取的特征，结合无监督学习和有监督学习，形成访问控制混合模型,然后通过访问控制混合模型，生成访问控制列表．提出的方法在UNSW-15公开数据集、CICIDS2017公开数据集以及作者实验室人工收集的数据集上进行了测试和验证．实验结果表明，提出的方法的精确率为100%，采用提出的方法获得的可用于访问控制列表的IP数目要多于其他人的算法．

关键词: 基于IP的特征, 访问控制混合模型, 混合模型, 访问控制列表, 值域压缩

Abstract: In order to solve the problem that there is no reliable source of access control list in network space，A hybrid access control model based on IP feature analysis is proposed. The model inclues two layers. In the first layer, by analyzing a large number of stream-based time characteristics, spatial characteristics and speed characteristics, statistics and codomain compression methods are used to dig out the correlation information differences between malicious IP streams and benign IP streams, to form a feature space based on IP characteristics. The second layer adopts the characteristics extracted from the first layer and combines unsupervised learning and supervised learning to form a access control hybrid model. Then, the access control list was generated by the access control hybrid model . This method has been tested and verified on the unsw-15 public dataset, CICIDS2017 public dataset and the data set manually collected by the author's laboratory. Experimental results show that the accuracy of this method is 100%, and the number of IP available for access control list is larger than other algorithms.

Key words: IP-based feature, access control hybrid model, access control list, hybrid model, codomain compression methods

胡星高郑荣锋周安民刘亮. 基于特征分析的访问控制混合模型设计与实现[J]. 信息安全研究, 2021, 7(1): 4-14.

参考文献

Miller Z , Hu W . Data stream subspace clustering for anomalous network packet detection[J]. Journal of Information Security, 2012, 3(3):215-223 [2] Copeland J A, Jerrim J. Packet sampling flow-based detection of network intrusions: US Patent7512980[P]. 2009-03-31 [3] Radware.2018—2019 Global application & network security report. [EB/OL].(2019-01-18)[2020-08-01].https://www.radware.com/ert-report-2018 [4] Shigemoto T, Fujii S, Kuriama I, et al. Development of white list based autonomous evolution of defense system for RAT malware[C]//Proc of the 13th Asia Joint Conference on Information Security. Piscataway,NJ:IEEE, 2018: 95-101 [5] George D, Lehrach W, Kansky K, et al. A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs[J]. Science, 2017, 358(6368): eaag2612 [6] Jain A K, Gupta B B. A novel approach to protect against phishing attacks at client side using auto-updated white-list[J]. EURASIP Journal on Information Security, 2016, 2016(1): 9 [7] Han W, Cao Y, Bertino E, et al. Using automated individual white-list to protect web digital identities[J]. Expert Systems with Applications, 2012, 39(15): 11861-11869 [8] Shah B, Dave K. SIP based intrusion detection system for VoIP based applications[C]//Proc of the 2nd Int Conf on Information and Communication Technology for Competitive Strategies. New York:ACM, 2016: 28 [9] Gudipati V K, Vetwal A, Kumar V, et al. Detection of Trojan Horses by the analysis of system behavior and data packets[C]//Proc of 2015 Long Island Systems, Applications and Technology. Piscataway,NJ:IEEE, 2015: 1-4 [10] Zhang Z, George R, Shujaee K. An Approach to Malicious Payload Detection[C]//Proc of 2018 World Automation Congress. Piscataway,NJ :IEEE, 2018: 1-5 [11] Aburada K, Arikawa Y, Usuzaki S, et al. Use of access characteristics to distinguish legitimate user traffic from DDoS attack traffic[J]. Artificial Life and Robotics, 2019: 1-6 [12] Zhang X, Zhu P, Tian J, et al. An effective semi-supervised model for intrusion detection using feature selection based LapSVM[C]//Proc of 2017 Int Cconf on Computer, Information and Telecommunication Systems. Piscataway, NJ: IEEE, 2017: 283-286 [13] Yang L, Cai M, Duan Y, et al. Intrusion detection based on approximate information entropy for random forest classification[C]//Proc of the 4th Int Conf on Big Data and Computing. New York:ACM,2019: 125-129 [14] Choi H, Kim M, Lee G, et al. Unsupervised learning approach for network intrusion detection system using autoencoders[J]. The Journal of Supercomputing, 2019, 75(9): 5597-5621 [15] Sharma S K, Pandey P, Tiwari S K, et al. An improved network intrusion detection technique based on k-means clustering via Naïve bayes classification[C]//Proc of IEEE Int Conf on Advances In Engineering, Science And Management. Piscataway, NJ : IEEE, 2012: 417-422 [16] Kumar S. Survey of current network intrusion detection techniques[J]. Washington Univ. in St. Louis, 2007: 1-18 [17] Moustafa N, Slay J. The evaluation of network anomaly detection systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal: A Global Perspective, 2016, 25(1/2/3): 18-31 [18] University of New Brunswick. ICIDS2017 [DB/OL]. Fredericton, Canada: Canadian Institute for Cybersecurity, 2017[2020-08-01].