Research Of Buffer Overflow Attack Detection Based On Random Forest Algorithm

Currently,the problem of software security vulnerabilities is becoming more and more serious.Network attacks against these vulnerabilities are becoming more and more difficult to discover,affecting the information security of the network community.Among them,buffer overflow attacks are the main attack means of hackers,so it is great significance to effectively detect buffer overflow attacks for network community security.At present,the research mainly focuses on mining and analyzing buffer overflow vulnerabilities,and establishing defense detection mechanism.Buffer overflow attacks have not been well detected by current data mining algorithms.The purpose of this dissertation is to study this topic,using random forest algorithm to achieve effective detection of buffer overflow attacks.This dissertation analyzes the various characteristics of data mining algorithm and the scope of application.Among them,the random forest algorithm is more powerful for noise and overfitting,and it can handle tens of thousands of input variables,but also adapt to large data sets,give the important characteristics from the attributes of the data.The random forest algorithm uses the aggregation technique to create multiple decision trees,and then the best classification results are obtained by the majority voting mechanism.In this dissertation,a hybrid algorithm for selecting the optimal attribute is weighted to optimize.The hybrid algorithm based on attribute combine C4.5 and classification and regression tree algorithm,forming a new formula to calculate the optimal attribute.Then the correct rate of each decision tree classification was used to calculate the weight coefficient of each decision tree by one formula.In the final stage of testing,the decision trees use voting mechanism to classify the data set,you need to consider the weight coefficient of each tree,concluded that the best classification result.This dissertation studies the effectiveness of the improved random forest algorithm for detecting buffer overflow attacks,compared with other data mining methods,such as Random Forest algorithm,classification and regression tree and Naive Bayes.The experimental results show that the overall performance of the improved random forest algorithm is better than the RF,CART and NB algorithms.The buffer overflow attack important variables is got by using the improved random forest algorithm that can reduce the dimension of the attributes,and further improve the improved random forest algorithm and other data mining algorithm performance.