Unsupervised detection method of RoQ covert attacks based on multilayer features
To solve the problems that RoQ covert attacks are hidden in overwhelming background traffic and difficult to identify, besides the existing samples are scarce and cannot provide large-scale learning data, an unsupervised detection method of RoQ covert attacks based on multilayer features was propose...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2022-09-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022166/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841540007978860544 |
|---|---|
| author | Jing ZHAO Jun LI Chun LONG Wei WAN Jinxia WEI Kai CHEN |
| author_facet | Jing ZHAO Jun LI Chun LONG Wei WAN Jinxia WEI Kai CHEN |
| author_sort | Jing ZHAO |
| collection | DOAJ |
| description | To solve the problems that RoQ covert attacks are hidden in overwhelming background traffic and difficult to identify, besides the existing samples are scarce and cannot provide large-scale learning data, an unsupervised detection method of RoQ covert attacks based on multilayer features was proposed under the condition of very little prior knowledge.First, considering that most normal flow might interfere with subsequent results, a classification method based on semi-supervised spectral clustering was studied by flow characteristics, so that the proportion of normal samples in the filtered traffic was close to 100%.Secondly, in order to distinguish the nuance between the hidden attack features and normal flow without relying on the attack samples, an unsupervised detection model based on the n-Shapelet subsequence was constructed by packet characteristics, and the subsequences with obvious difference were used, which enabled detection of RoQ convert attacks.Experimental results demonstrate that with only a small number of learning samples, the proposed method has higher precision and recall rate than existing methods, and is robust to evading attacks. |
| format | Article |
| id | doaj-art-fe11dacd4a03480dbf0f184d59106eda |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2022-09-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-fe11dacd4a03480dbf0f184d59106eda2025-01-14T06:28:52ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2022-09-014322423959391941Unsupervised detection method of RoQ covert attacks based on multilayer featuresJing ZHAOJun LIChun LONGWei WANJinxia WEIKai CHENTo solve the problems that RoQ covert attacks are hidden in overwhelming background traffic and difficult to identify, besides the existing samples are scarce and cannot provide large-scale learning data, an unsupervised detection method of RoQ covert attacks based on multilayer features was proposed under the condition of very little prior knowledge.First, considering that most normal flow might interfere with subsequent results, a classification method based on semi-supervised spectral clustering was studied by flow characteristics, so that the proportion of normal samples in the filtered traffic was close to 100%.Secondly, in order to distinguish the nuance between the hidden attack features and normal flow without relying on the attack samples, an unsupervised detection model based on the n-Shapelet subsequence was constructed by packet characteristics, and the subsequences with obvious difference were used, which enabled detection of RoQ convert attacks.Experimental results demonstrate that with only a small number of learning samples, the proposed method has higher precision and recall rate than existing methods, and is robust to evading attacks.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022166/RoQ converts attackspectral clusteringsemi-supervised clusteringShapelet subsequence |
| spellingShingle | Jing ZHAO Jun LI Chun LONG Wei WAN Jinxia WEI Kai CHEN Unsupervised detection method of RoQ covert attacks based on multilayer features Tongxin xuebao RoQ converts attack spectral clustering semi-supervised clustering Shapelet subsequence |
| title | Unsupervised detection method of RoQ covert attacks based on multilayer features |
| title_full | Unsupervised detection method of RoQ covert attacks based on multilayer features |
| title_fullStr | Unsupervised detection method of RoQ covert attacks based on multilayer features |
| title_full_unstemmed | Unsupervised detection method of RoQ covert attacks based on multilayer features |
| title_short | Unsupervised detection method of RoQ covert attacks based on multilayer features |
| title_sort | unsupervised detection method of roq covert attacks based on multilayer features |
| topic | RoQ converts attack spectral clustering semi-supervised clustering Shapelet subsequence |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022166/ |
| work_keys_str_mv | AT jingzhao unsuperviseddetectionmethodofroqcovertattacksbasedonmultilayerfeatures AT junli unsuperviseddetectionmethodofroqcovertattacksbasedonmultilayerfeatures AT chunlong unsuperviseddetectionmethodofroqcovertattacksbasedonmultilayerfeatures AT weiwan unsuperviseddetectionmethodofroqcovertattacksbasedonmultilayerfeatures AT jinxiawei unsuperviseddetectionmethodofroqcovertattacksbasedonmultilayerfeatures AT kaichen unsuperviseddetectionmethodofroqcovertattacksbasedonmultilayerfeatures |