| With the rapid development of Internet, the loss caused by warm viruses has gradually increased. We can deal with the intrusions of warm viruses with many efficient methods if we can detect it accurately. The problem is we don't clearly know whether there is a warm virus existed in the network and what's the harm caused by it later. So an accurate detection method of warm virus is needed. During the breaking out of warm virus, the quantity of data-packets carrying out scanning task increases rapidly. The vast data in the network can cause serious jam at the junctures of the network, even make the ports down. In order to predict the breaking out of warm viruses, we collected a lot of flow data at ports during different periods of the viruses. According to the character of warm virus, we proposed an efficient method which can predict the burst of warm virus exactly. In our research we first pretreated the collected data, including the data cleaning and extracting of the primary components of the flow data. Data cleaning is to eliminate interference which is caused by noise produced by all kinds of reasons so as to get much more precise result. Extracting the primary components of data is to decrease the dimension of the data in order to decrease the quantity of calculation. Then one-dimensional data can be gotten with the Fisher projection method. We show the pairs of primary components of the reduced data or Fisher projection and one of the primary components on a two-dimension plane. Through the visualization analysis we can find the most valuable features of the data which are more beneficial to our prediction task. Based on the selected features, we build classifiers with different feature combination. The final result is obtained by majority vote by the learned classifiers.In order to validate the proposed method, a series of experiments have been done. The number of selected features ranges from 2 to 5. The experiment results showed that the combination of multiple base classifiers can improve the classification... |
PDF Full Text Request