IP黑名单关联聚类算法对恶意簇检测的优化研究

互联网中复杂的恶意活动都是由IP地址集群共同执行的,通过处理在网络中收集的数据来寻找恶意IP簇成为重要的研究方向。提出一种IP黑名单关联聚类算法(IPBACA),首先,构建IP-IP无向图;然后,利用测量统计相关性来测量IP黑名单与IP的相关性,并使用给定的IP黑名单来找到最佳阈值得出IP簇,判断其标准化残差是否达标;最后,识别出具有高精度的恶意簇。仿真结果表明,对比ICAMO算法,CAIIB算法和DABR算法,本文提出的IPBACA算法在精确率、召回率、F1指标和归一化互信息等4个主要性能指标方面均有明显改善,显著提高了对检测恶意簇的检测能力。

Optimization of malicious cluster detection based on IP blacklist association clustering algorithm

Complex malicious activities in the Internet are jointly performed by IP address clusters. It has become an important research direction to find malicious IP clusters by processing data collected in the network. An IP blacklist association clustering algorithm (IPBACA) is proposed in the paper, in which first constructs an IP IP undirected graph, and then uses measurement statistical correlation to measure the correlation between IP blacklist and IP, and uses the given IP blacklist to find the best threshold worthy of malicious clusters, and judges its standardized residuals whether it is up to standard, it finally identifies a malicious cluster with high precision. The simulation results show, compared with ICAMO algorithm, CAIIB algorithm and DABR algorithm, the IPBACA algorithm proposed in this paper has a significant improvement in the four main performance indicators of precision, recall, F1 and normalized mutual information, and significantly improves the detection ability of malicious clusters.