机器学习在医疗与健康应用场景下的
恶意流量检测

doi:10.3969/j.issn.1674-1633.2024.01.003

摘要
图/表
参考文献
相关文章 (15)

全文: PDF (1743 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要目的基于机器学习方法中的随机森林和决策树模型，实现在医疗与健康应用场景下的恶意流量检测。方法以CICIDS2017 样本集作为模型的训练集与验证集，对将该样本集通过Python预处理后的共1708979条数据进行模型训练。预处理后的样本集中训练集占比80%（1367183条），验证集占比20%（341795条），在sklearn中进行随机森林和决策树模型参数调整训练，再将在医疗与健康应用场景下捕获到的500条网络流量作为测试集进行模型泛化能力评估。结果由决策树和随机森林混淆矩阵图可知，决策树模型对于慢速拒绝服务攻击以及跨站脚本攻击的预测准确率为95%，尤其是决策树模型对慢速拒绝服务攻击进行预测时，会将其与跨站脚本攻击混淆。随机森林模型对于慢速拒绝服务攻击预测准确率为 99%，能够正确预测大多数慢速拒绝服务攻击。随机森林模型在医疗与健康应用场景下整体表现良好。结论两种模型对于在医疗与健康应用场景下的恶意流量检测准确率效果较好，但传统的决策树模型准确率低于随机森林模型。随机森林模型更适合在医疗健康场景下的恶意流量检测，可为医疗健康应用场景中的网络安全研究提供参考。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	高健云¹
	2
	刘颖颖³
	戴依蓝²
	李澍¹

关键词 ：医疗健康应用场景, 机器学习, 决策树, 随机森林, 网络安全

Abstract：Objective To realize the malicious traffic detection in medical and health application scenarios, the random forest and decision tree model in machine learning method were used. Methods CIC-ISD2017 sample set were used as the training and validation set for the model. A total of 1708979 pieces of data were pre-processed in Python for model training. The preprocessed sample set accounted for 80% of the training set (1367183 pieces) and 20% of the validation set (341795 pieces), and was trained by adjusting parameters of random forest and decision tree models on sklearn. Finally, 500 network traffic captured in the built medical and health application scenarios were used as the test set to evaluate the model generalization ability. Results From the decision tree and random forest confusion matrix, the prediction accuracy of decision tree model for slow denial-of-service attacks and cross-site scripting attacks was 95%, especially when decision tree model predicted slow denialof- service attacks, it was confused with cross-site scripting attacks. Random forest model predicted slow denial-of-service attacks with 99% accuracy, could correctly predict most slow denial-of-service attacks. The random forest model performs well in medical and health application scenarios. Conclusion The two models achieve ideal results for malicious traffic detection accuracy in medical and health application scenarios, but the accuracy of the traditional decision tree model is lower than that of the random forest model. The random forest model is more suitable for malicious traffic detection in medical and health scenarios, and can provide some reference for future network security research in medical and health application scenarios.

Key words： medical and health application scenarios machine learning decision tree random forest network security

收稿日期: 2023-07-04

ZTFLH:

R197.39

基金资助:国家重点研发计划（2020YFC2007104）

通讯作者: 李澍 E-mail: lishu@nifdc.org.cn

引用本文:

高健云^1,2，刘颖颖³，戴依蓝²，李澍¹. 机器学习在医疗与健康应用场景下的恶意流量检测[J]. 中国医疗设备, 2024, 39(1): 12-17.
GAO Jianyun^1,2, LIU Yingying³, DAI Yilan², LI Shu¹. Machine Learning for Malicious Traffic Detection in Medical and Health Application Scenarios. China Medical Devices, 2024, 39(1): 12-17.

链接本文:

http://cs.china-cmd.org/zgylsb/CN/10.3969/j.issn.1674-1633.2024.01.003 或 http://cs.china-cmd.org/zgylsb/CN/Y2024/V39/I1/12