JOURNAL OF NAVAL AERONAUTICAL ENGINEERING INSTITUTE
2011
Issue 5
pp. 543-548
6 pages in total
Authors: GU Jiaojiao (顾佼佼); JIANG Wenzhi (姜文志); SU Fei (粟飞); HU Wenxuan (胡文萱)
Keywords: intrusion detection; CRFs; machine learning; overlay model
Intrusion detection systems (IDS) are now an essential component of networks of all kinds, including wireless ad hoc networks. With the rapid advancement of network technologies, the focus of intrusion detection has shifted from simple signature matching to anomaly-based and hybrid approaches that detect attacks by analyzing contextual information. To correctly and effectively recognize intrusions hidden in large volumes of low-level system logs, a layered, anomaly-based intrusion detection framework using conditional random fields (CRFs) is proposed to detect a wide variety of attacks. For four classes of attack, the framework trains four different models separately and then processes the data layer by layer to detect intrusions. With this framework, attacks can be identified and an intrusion response initiated in real time; system adaptability and portability are improved, and the system's false alarm rate and false detection rate are significantly reduced. Experiments show that the CRF model can detect attacks effectively.