
Method For Constructing Vulnerability Attack Database And Identifying Attack Program In Network Traffic

Posted on: 2022-07-05  Degree: Master  Type: Thesis
Country: China  Candidate: S L Qin
GTID: 2518306506463454  Subject: Computer technology
Abstract/Summary:
With the continuous development of society, the network has brought many changes to our lives. As networks grow in scale, however, they contain more and more exploitable vulnerabilities, and attackers may use these vulnerabilities to launch attacks that cause great economic losses to users. Vulnerability attacks in network traffic have become a threat that cannot be ignored, so research on attacks in network traffic is important.

In recent years, many scholars have studied vulnerability attacks in network traffic and achieved certain results, but current research can be improved in two respects. (1) There are many methods for feature analysis of vulnerability attacks, each with advantages and disadvantages, and the effect of feature reduction can be further improved. Most research stops at classifying vulnerability attacks in order to identify them: the classified attacks are not put to reasonable use afterwards, and there is no well-developed vulnerability attack database for network traffic. (2) At present, when identifying attack programs, the data set is divided into a training set and a test set, and differences in the training set affect the recognition results on the test set; identifying attack programs against a vulnerability attack database can further reduce this error.

To address these problems, this thesis studies attacks in network traffic, focusing on the vulnerability attack database and the identification of attack programs. The main work is as follows:

1. The Vulnerability Attack Database Algorithm based on Similarity Measurement (SM-VADA) is proposed. First, the network traffic data set is preprocessed, and then an improved combined feature dimensionality reduction method is applied to it. In the Filter method, we use the ReliefF algorithm, which is based on the distance criterion, and the Correlation-based Feature Selection (CFS) method. Combining Filter and Wrapper feature selection further eliminates redundant features and selects the feature set that better represents the characteristics of the data set. Because this feature set still has a high-dimensional feature space, Principal Component Analysis (PCA) is applied to it to obtain the optimal feature subset. Multi-class identification of the network traffic is then completed, and the classified data is analyzed with the mixed similarity coefficient method to determine whether it duplicates data already in the vulnerability attack database, reducing the overlap between records. Finally, it is verified that the SM-VADA algorithm is effective in classifying vulnerability attacks and that the redundancy of the constructed vulnerability attack database is minimized.

2. The Attack Program Identification Algorithm based on Attribute Similarity and Decision Tree (ASDT-APIA) is proposed. The feature extraction method is improved by proposing a secondary feature selection based on principal component analysis to obtain the key feature subset of the data set. The data in the vulnerability attack database is used as the training set, and a decision tree is constructed with the Very Fast Decision Tree (VFDT) algorithm to form the classification model that classifies the attack programs. The final experiments show that the ASDT-APIA method achieves a certain degree of improvement in recognition accuracy and mean accuracy.

3. A prototype system for the similarity-metric-based vulnerability attack database and for attack program identification in network traffic is designed and implemented. The prototype system includes three modules: a data collection module, a vulnerability attack database module, and an attack program identification module. The SM-VADA and ASDT-APIA algorithms proposed in this thesis are verified with it. At the same time, the system is easy to operate.
Keywords/Search Tags:Network Traffic, Feature Dimensionality Reduction, Vulnerability Attack Database, Traffic Analysis, Attack Program