流谱理论及其在网络防御中的应用

doi:10.13190/j.jbupt.2021-271

北京邮电大学学报 ›› 2022, Vol. 45 ›› Issue (3): 19-25.doi: 10.13190/j.jbupt.2021-271

流谱理论及其在网络防御中的应用

郭世泽¹, 吕仁健¹, 何明枢², 张杰², 俞赛赛³

1. 北京邮电大学网络空间安全学院, 北京 100876;
2. 北京邮电大学电子工程学院, 北京 100876;
3. 中国电子科技集团公司第三十研究所, 成都 610041

收稿日期:2021-11-04 出版日期:2022-06-28 发布日期:2022-06-01
通讯作者: 张杰(1972—),男,教授,jie.zhang@bupt.edu.cn。 E-mail:jie.zhang@bupt.edu.cn
作者简介:郭世泽(1969—),男,教授。
基金资助:
国家自然科学基金面上项目(62071056)

Application of Flow Spectrum Theory in Network Defense

GUO Shize¹, Lü Renjian¹, HE Mingshu², ZHANG Jie², YU Saisai³

1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China;
3. No.30 Institute of China Electronics Technology Group Corporation, Chengdu 610041, China

Received:2021-11-04 Online:2022-06-28 Published:2022-06-01

摘要/Abstract

摘要： 在网络数据处理和分析过程中,针对传统方法存在的观测量大、可解释性差、特征分离难度高等问题,提出了将网络流数据从原始"流"空间映射至"流谱"空间基本方法,满足网络行为的可解释性、可观测、可表达、可处置要求,从而能够更好地完成下游任务。基于高维目标低秩化的矩阵压缩原理,实现了对数据的低维描述,完成了原始网络流从"流"到数据特征矩阵的映射。通过矩阵论、信息论、度量空间相关理论,建立了多个尽可能同构表达的基底谱空间,完成特征矩阵在"谱"空间的可分离同构映射。通过"流谱"对背景网络流、网络威胁、恶意攻击、异常行为进行刻画,应用在网络防御中,提升了网络空间的防御能力,为网络空间防御体系提供了新的思路。

关键词: 网络流, 流谱, 网络防御, 异常行为分析, 威胁表征

Abstract: In the process of network data processing and analysis, to solve the problems of large observation, poor interpretability and high difficulty of feature separation in traditional methods, the basic method of mapping network flow data from the original "flow" space to the "flow spectrum" space is proposed. The proposed method satisfies and thus the requirements of interpretability, observability, express ability and disposal of network behavior, and thus the downstream tasks can be weel completed. Based on the matrix compression principle of the low rank of high-dimensional objectives, the low-dimensional description of data is realized, and the mapping of the original network flow from "flow" to data characteristic matrix is completed. Based on matrix theory, information theory and metric space theory, multiple base spectral spaces that are expressed as isomorphically as possible are established to complete the separable isomorphic mapping of a characteristic matrix in "spectral" space. The background network flow, network threat, malicious attack and abnormal behavior are descrebed through the "flow spectrum", which is applied in network defense to improve the defense ability of cyberspace and provide new ideas for the defense system of cyberspace.

Key words: network traffic, flow spectrum, network defense, malicious behavior analysis, threat indication

中图分类号:

TN911.22

郭世泽, 吕仁健, 何明枢, 张杰, 俞赛赛. 流谱理论及其在网络防御中的应用[J]. 北京邮电大学学报, 2022, 45(3): 19-25.

GUO Shize, Lü Renjian, HE Mingshu, ZHANG Jie, YU Saisai. Application of Flow Spectrum Theory in Network Defense[J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(3): 19-25.

参考文献

[1] 国家互联网应急中心. 2020年中国互联网网络安全报告[EB/OL].北京:人民邮电出版社, 2021:(2021-07-21)[2021-10-26]. http://www.cac.gov.cn/2021-07/21/c_1628454189500041.htm.
[2] 李利,韩伟红,梅阳阳,等.当前网络空间安全技术发展现状及思考[J].信息技术与网络安全, 2021, 40(5):33-38. LI L, HAN W H, MEI Y Y, et al. The current situation and thinking of the development of cyberspace security technology[J]. Information Technology and Network Security, 2021, 40(5):33-38.
[3] 贾焰,方滨兴,李爱平,等.基于人工智能的网络空间安全防御战略研究[J].中国工程科学, 2021, 23(3):98-105. JIA Y, FANG B X, LI A P, et al. Artificial intelligence enabled cyberspace security defense[J]. Strategic Study of CAE, 2021, 23(3):98-105.
[4] 张勇东,陈思洋,彭雨荷,等.基于深度学习的网络入侵检测研究综述[J].广州大学学报(自然科学版), 2019, 18(3):17-26. ZHANG Y D, CHEN S Y, PENG Y H, et al. A survey of deep learning based network intrusion detection[J]. Journal of Guangzhou University (Natural Science Edition), 2019, 18(3):17-26.
[5] FINSTERBUSCH M, RICHTER C, ROCHA E, et al. A survey of payload-based traffic classification approaches[J]. IEEE Communications Surveys&Tutorials, 2014, 16(2):1135-1156.
[6] MARIN G, CASAS P, CAPDEHOURAT G. Deep in the dark-deep learning-based malware traffic detection without expert knowledge[C]//IEEE Security and Privacy Workshops. Piscataway, NJ:IEEE Press, 2019:36-42.
[7] KANNA P R, SANTHI P. Unified deep learning approach for efficient intrusion detection system using integrated spatial-temporal features[J]. Knowledge-Based Systems, 2021, 226(1):107132-107144.
[8] YU L, DONG J T, CHEN L H, et al. PBCNN:Packet bytes-based convolutional neural network for network intrusion detection[J]. Computer Networks, 2021, 194(1):108117-108139.
[9] WANG Z H, JIANG D D, HUO L W, et al. An efficient network intrusion detection approach based on deep learning[J]. Wireless Networks, 2021, 1(1):1-14.
[10] SWARNA S, RATNA S. Investigation of machine learning techniques in intrusion detection system for IoT network[C]//International Conference on Intelligent Sustainable Systems. Piscataway, NJ:IEEE Press, 2020:1164-1167.
[11] MOUSTAFA N, SLAY J. UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]//Military Communications and Information Systems Conference. Piscata-way, NJ:IEEE Press, 2015:1-6.

[1]	田中大潘信澎. 小波消噪和优化支持向量机的网络流量预测[J]. 北京邮电大学学报, 2022, 45(5): 79-84.
[2]	牟晓惠, 李丽香. Dropout回声状态网络的网络流量预测[J]. 北京邮电大学学报, 2021, 44(5): 10-13,20.
[3]	吕昕晨, 张晨宇. 面向车联网自动驾驶的边缘智能多源数据处理[J]. 北京邮电大学学报, 2021, 44(2): 102-108.
[4]	石乐义, 李剑蓝, 郭宏彬, 马猛飞, 陈鸿龙. 基于深度信念网络的端信息跳变模式自适应策略[J]. 北京邮电大学学报, 2019, 42(3): 64-71.
[5]	赵季红, 王明欣, 曲桦, 谢志勇, 刘熙. 一种基于自适应KLMS的卫星网络流量预测算法[J]. 北京邮电大学学报, 2018, 41(3): 51-55.
[6]	田中大, 李树江, 王艳红, 王向东. 高斯过程回归补偿ARIMA的网络流量预测[J]. 北京邮电大学学报, 2017, 40(6): 65-73.
[7]	黎阳, 武昊, 刘斌. 自适应非线性流采样算法的硬件实现[J]. 北京邮电大学学报, 2016, 39(3): 85-90.
[8]	聂荣聂林刘超慧雷振明兰巨龙. BitTorrent网络特性的测量与研究[J]. 北京邮电大学学报, 2012, 35(3): 125-128.
[9]	李锐,朱洪亮,辛阳,王枞,杨义先. 基于分形理论P2P流量行为的自相似性[J]. 北京邮电大学学报, 2010, 33(4): 35-38.
[10]	孙韩林，金跃辉，崔毅东，程时端. 粗粒度网络流量的灰色模型预测[J]. 北京邮电大学学报, 2010, 33(1): 7-11.
[11]	石恒华;何泾沙;许鑫. 基于三元组信息的网络流量检测点选取算法[J]. 北京邮电大学学报, 2009, 32(s1): 73-76.
[12]	邹德斌张兴王文博. 移动通信网中基于级串框架的网络流量性能分析[J]. 北京邮电大学学报, 2009, 32(2): 101-105.
[13]	林平，余循宜，刘芳，雷振明. 基于流统计特性的网络流量分类算法[J]. 北京邮电大学学报, 2008, 31(2): 15-19.
[14]	刘芳，霍龙浩，雷振明. 基于探针的网络游戏流量监测方法[J]. 北京邮电大学学报, 2006, 29(s2): 110-112.

流谱理论及其在网络防御中的应用

Application of Flow Spectrum Theory in Network Defense

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 14

编辑推荐

Metrics

本文评价