CAJ | 학술논문

由于实现方式简单、攻击形式多样、威胁范围广、不易防御和区分，拒绝服务(DoS)攻击已经成为网络的最主要安全威胁之一。该文提出了一种ITCM-KNN算法，在此基础上建立了DoS检测框架。使用标准数据集KDD Cup 1999进行算法验证和分析实验。采用基于信息增益算法选择了5个特征，在保证高检测效果的同时减少了特征的维数。该算法不需要对攻击进行学习和建模，使用少量的正常样本作为训练集，提高了检测性能。实验结果表明，改进的TCM-KNN算法检测率高于SVM等算法，达到99.99%。
유우실현방식간단、공격형식다양、위협범위엄、불역방어화구분，거절복무(DoS)공격이경성위망락적최주요안전위협지일。해문제출료일충ITCM-KNN산법，재차기출상건립료DoS검측광가。사용표준수거집KDD Cup 1999진행산법험증화분석실험。채용기우신식증익산법선택료5개특정，재보증고검측효과적동시감소료특정적유수。해산법불수요대공격진행학습화건모，사용소량적정상양본작위훈련집，제고료검측성능。실험결과표명，개진적TCM-KNN산법검측솔고우SVM등산법，체도99.99%。
Because of the simplicity of the implementation, various attacking forms, destructivity, and difficulty of filtering out, DoS has become one of the most serious security threats to the Internet. In this paper, we propose an improved transductive confidence machines for k-nearest neighbors (ITCM-KNN) algorithm and establish a framework for DoS detection. Evaluation and experiments of the algorithm are based on the standard dataset KDD Cup 1999 with 5 selected features using the information gain algorithm, which can ensure high detection rate while reducing the dimension of the features. The proposed algorithm does not need learning and modeling attacks. It only needs a small number of samples as training data set. The comparison results show that the true positive rate (TP) of the improved TCM-KNN algorithm is about 99.99%, which is higher than other detection algorithm such as SVM.