%0 Journal Article
%T Abnormal traffic flow identification for a measurement and control network for launch vehicles
%A 徐洪平
%A 刘洋
%A 易航
%A 阎小涛
%A 康健
%A 张文瑾
%J 清华大学学报(自然科学版)
%D 2018
%R 10.16511/j.cnki.qhdxxb.2018.22.004
%X The launch vehicle test and launch network system is an important national defense information infrastructure that supports remote test and launch control of the launch vehicle's systems, and accurate analysis of the network's traffic data is a key measure for detecting abnormal behavior and ensuring information security. This paper combines port mapping identification, payload feature identification, statistical analysis, and the support vector machine (SVM) learning algorithm to build a dynamic hybrid identification strategy: machine learning training samples are obtained through port mapping and payload feature identification, feature selection is performed using information gain, an SVM identification model is built and trained on the samples, and a voting mechanism is established to analyze the traffic data comprehensively. Tests on real data from the test and launch network show that the algorithm achieves an identification accuracy of 99.1% and effectively reduces the number of manual judgment analyses.
Abstract: The measurement and control network of a launch vehicle is an important national defense information infrastructure for remote measurements and launch control. This network provides a key measure to detect abnormal behavior and ensure information security through accurate analysis of the traffic. This paper describes a network strategy using the port mapping method, payload matching, and support vector machine (SVM) learning algorithm. The training samples are produced by the port mapping and payload matching method. Then, the key features are selected based on the information gain. Next, the SVM model is built with these features and trained by the training samples. The traffic data is then analyzed by the voting mechanism. Actual data from the network is used to verify the method with the results showing that this method has an accuracy of 99.1% with far fewer manual analyses.
%K measurement and control network of launch vehicle
%K port mapping
%K payload matching
%K dynamic strategy
%K support vector machine (SVM) learning
%U http://jst.tsinghuajournals.com/CN/Y2018/V58/I1/20