基于余弦测度下K-means的网络空间终端设备识别

doi:10.7523/j.issn.2095-6134.2016.04.019

中国科学院大学学报 ›› 2016, Vol. 33 ›› Issue (4): 562-569.DOI: 10.7523/j.issn.2095-6134.2016.04.019

基于余弦测度下K-means的网络空间终端设备识别

曹来成¹, 赵建军^1,2, 崔翔², 李可^2,3

1. 兰州理工大学计算机与通信学院, 兰州 730050;
2. 中国科学院信息工程研究所, 北京 100093;
3. 北京邮电大学计算机学院, 北京 100876

收稿日期:2016-01-07 修回日期:2016-03-17 发布日期:2016-07-15
通讯作者: 赵建军
基金资助:
国家自然科学基金（61562059，61461027）资助

Cyberspace device identification based on K-means with cosine distance measure

CAO Laicheng¹, ZHAO Jianjun^1,2, CUI Xiang², LI Ke^2,3

1. School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China;
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
3. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China

Received:2016-01-07 Revised:2016-03-17 Published:2016-07-15

摘要/Abstract

摘要：

针对传统Web指纹识别方法中识别对象局限于主流Web服务器软件的问题，提出一种基于余弦测度下K-means的网络空间终端设备识别模型。首先，设计识别模型和确定验证方法。其次，选取返回的HTTP数据包头部字段和状态码作为终端设备特征，对特征进行提取和向量化后转化为32维特征向量。再次，选取余弦距离函数作为K-means聚类算法中的相似性度量函数。最后，根据识别模型设计实验算法流程，对网络空间中的无标记样本和标记样本进行识别实验。实验结果表明，该模型能够识别无线路由器、网络摄像头和智能交换机等终端设备，并具有较高的识别准确率和较低的识别遗漏率。

关键词: 网络空间, 终端设备, K-means, 余弦测度, 指纹识别

Abstract:

Since the traditional web fingerprinting methods are limited to identification of mainstream web server softwares, a kind of cyberspace device identification model based on K-means with cosine distance measure is proposed.Firstly, identification model is designed and verification method is determined.Secondly, the header fields and the status code of HTTP response are selected as characteristics of terminal device and then the characteristics are transformed into 32-dimensional feature vector by feature extraction and vectorization.Thirdly, cosine distance function is selected as similarity measuring function in K-means.Finally, experiment algorithm process is designed according to the identification model and the experiments for unlabeled samples and labeled samples are carried out.The results show that the identification model works for many kinds of terminal devices, including wireless router, web camera, and intelligent switch, and has high accuracy rate and low omission rate.

Key words: cyberspace, terminal device, K-means, cosine measure, fingerprinting

中图分类号:

TP393

曹来成, 赵建军, 崔翔, 李可. 基于余弦测度下K-means的网络空间终端设备识别[J]. 中国科学院大学学报, 2016, 33(4): 562-569.

CAO Laicheng, ZHAO Jianjun, CUI Xiang, LI Ke. Cyberspace device identification based on K-means with cosine distance measure[J]. , 2016, 33(4): 562-569.

参考文献

[1] ZoomEye.网络设备统计分析 .(2015-12-31) .https://www.zoomeye.org/statistic/device.
[2] Gallagher S.Backdoor in wireless DSL routers lets attacker reset router, get admin .(2014-01-03) 12-31].http://arstechnica.com/security/2014/01/backdoor- in-wireless-dsl-routers-lets-attacker-reset-router-get-admin/.
[3] Chirgwin R.Hacker backdoors Linksys, Netgear, Cisco and otheh routers .(2014-01-06) .http:// www.theregister.co.uk/2014/01/06/hacker_backdoors_linksys_netgear_cisco_and_other_routers/.
[4] 国家互联网应急中心.关于多款D-LINK路由器产品存在后门漏洞的情况通报 .(2013-10-25) .http://www.cert.org.cn/publish/main/9/2013/20131025152943288740930/20131025152943288740930_.html.
[5] Singh D, Sinha R, Songara P, et al.Vulnerabilities and attacks targeting social networks and industrial control systems[J].Eprint Arxiv, 2014, 4(1):133-142.
[6] 彭勇, 江常青, 谢丰, 等.工业控制系统信息安全研究进展[J].清华大学学报:自然科学版, 2012, 52(10): 1 396-1 408.
[7] 卢慧康.工业控制系统脆弱性测试与风险评估研究 .上海:华东理工大学, 2014.
[8] Shah S.An introduction to HTTP fingerprinting .(2004-05-19) .http://net-square.com/httprint_paper.html.
[9] Lee D, Rowe J, Ko C, et al.Detecting and defending against Web-server fingerprinting //CSAC 2002: 2002 Computer Security Applications Conference.United States: IEEE Computer Society, 2002: 321-330.
[10] 杨可新, 鞠九滨.利用Web指纹进行服务映射[J].计算机工程与应用, 2004, 40(4): 7-9.
[11] Fyodor.Remote OS detection via TCP/IP stack fingerprinting[J].Phrack Magazine, 1998, 17(3): 1-10.
[12] 吴少华, 孙丹, 胡勇.基于贝叶斯理论的Web服务器识别[J].计算机工程, 2015, 41(7): 190-193,198.
[13] 刘三民, 孙知信, 刘余霞.基于K均值集成和SVM的P2P流量识别研究[J].计算机科学, 2012, 39(4): 46-48,74.
[14] 陈磊磊.不同距离测度的K-Means文本聚类研究[J].软件, 2015, 36(1): 56-61.

基于余弦测度下K-means的网络空间终端设备识别

Cyberspace device identification based on K-means with cosine distance measure

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 6

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	江璐, 赵彤, 吴敏. 基于深度卷积神经网络的指纹纹型分类算法[J]. 中国科学院大学学报, 2016, 33(6): 808-814.
[2]	闫淑筠, 王文杰, 张玉清. 一种有效的Web指纹识别方法[J]. 中国科学院大学学报, 2016, 33(5): 679-685.
[3]	吴文娣, 程希骏, 刘峰. 基于K-means聚类和广义熵约束的CVaR投资组合模型[J]. 中国科学院大学学报, 2016, 33(1): 31-36.
[4]	杨延青, 任应超. 可伸缩的异步网络空间信息处理集群服务[J]. 中国科学院大学学报, 2015, 32(1): 103-109.
[5]	秦钰;　荆继武;　向继;　张爱华. 基于优化初始类中心点的K-means改进算法[J]. 中国科学院大学学报, 2007, 24(6): 771-777.
[6]	刘务华; 罗铁坚; 王文杰. 文本聚类算法的质量评价[J]. 中国科学院大学学报, 2006, 23(5): 640-646.