计算机研究与发展 (Journal of Computer Research and Development)
2010, No. 3, pp. 485-492 (8 pages)
Keywords: network intrusion detection; online adaptive; influence function; data stream; anomaly detection
Abstract: The spread of the Internet and other computer networks has made security an increasingly pressing problem, and with it the need for intrusion detection systems that defend actively rather than passively. This paper presents a lightweight online adaptive network anomaly detection system model together with the influence-function-based anomaly detection algorithm that goes with it. The system learns from and checks a real-time network data stream online: under a little guidance from the administrator it gradually builds a normal pattern base and an intrusion pattern base for the local network, and it updates their contents dynamically as the network's usage patterns change. In checking mode the system raises alerts on anomalous data and recognises not only the learned intrusion patterns but also intrusions it has never seen before. The architecture is simple and the detection algorithm has low time and space complexity, which meets the requirements of processing network data online. The system was tested on the DARPA KDD 99 intrusion detection dataset, with the 10% training set and the test set fed to it sequentially as a data stream and scanned only once; within 40 seconds it completed all learning and checking tasks and reached a detection rate of 91.32% with a false positive rate of only 0.43%. The experimental results show that the system is practical, that its detection performance is satisfactory, and that it performs well at identifying new types of intrusion.
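The abstract describes the mechanism only in outline: two pattern bases (normal and intrusion), an influence function that scores each record of the stream against them, a verdict that distinguishes known from unseen intrusions, and bases that grow online with a little administrator labelling. The following is an added example that illustrates that general idea; it is not the paper's code or its algorithm, which the page does not give. Everything concrete in it is an assumption made for illustration: a Gaussian influence function over features already scaled to [0, 1], prototype pattern bases with a merge threshold to bound memory, the decision thresholds, the `OnlineDetector`/`PatternBase`/`run_stream` names, and the six constructed "connection records" in `demo()`.

```python
"""Added illustration of an online, influence-function anomaly detector.

Not the paper's code: the abstract only states that the system keeps a
normal pattern base and an intrusion pattern base, scores each record of
the stream with an influence function, and updates the bases online under
light administrator supervision.  The Gaussian influence function, the
prototype bases, all thresholds and the constructed records below are
assumptions made for this example.
"""
import math
from typing import List, Optional, Sequence, Tuple

Record = Tuple[float, ...]  # assumed: three features already scaled to [0, 1]

NORMAL, KNOWN, NEW = "normal", "known_intrusion", "new_intrusion"


def influence(x: Sequence[float], p: Sequence[float], sigma: float) -> float:
    """Gaussian influence of prototype p on point x: about 1 when close, about 0 when far."""
    d2 = sum((a - b) ** 2 for a, b in zip(x, p))
    return math.exp(-d2 / (2.0 * sigma * sigma))


class PatternBase:
    """A pattern base is a list of prototypes; its score is their summed influence."""

    def __init__(self, sigma: float, merge_threshold: float) -> None:
        self.sigma = sigma
        self.merge_threshold = merge_threshold
        self.prototypes: List[Record] = []

    def score(self, x: Sequence[float]) -> float:
        return sum(influence(x, p, self.sigma) for p in self.prototypes)

    def add(self, x: Sequence[float]) -> bool:
        # Keeps memory bounded on a long stream: a record already covered by an
        # existing prototype (influence >= merge_threshold) is not stored again.
        if any(influence(x, p, self.sigma) >= self.merge_threshold for p in self.prototypes):
            return False
        self.prototypes.append(tuple(x))
        return True


class OnlineDetector:
    def __init__(self, sigma: float = 0.1, normal_threshold: float = 0.5,
                 intrusion_threshold: float = 0.5, merge_threshold: float = 0.98) -> None:
        self.normal = PatternBase(sigma, merge_threshold)
        self.intrusion = PatternBase(sigma, merge_threshold)
        self.normal_threshold = normal_threshold
        self.intrusion_threshold = intrusion_threshold

    def learn(self, x: Sequence[float], label: str) -> bool:
        """Supervised update: the administrator labels a record 'normal' or 'intrusion'."""
        base = self.normal if label == "normal" else self.intrusion
        return base.add(x)

    def check(self, x: Sequence[float]) -> str:
        """Verdict for one record, plus unsupervised adaptation of the normal base."""
        n, i = self.normal.score(x), self.intrusion.score(x)
        if n >= self.normal_threshold and n >= i:
            self.normal.add(x)  # follows slowly changing normal usage
            return NORMAL
        if i >= self.intrusion_threshold:
            return KNOWN        # matches a stored intrusion pattern
        return NEW              # far from both bases: alert as an unseen intrusion


def run_stream(detector: OnlineDetector,
               stream: Sequence[Tuple[Record, Optional[str]]]) -> List[str]:
    """Single pass over (features, admin_label or None).  A record is judged first;
    the bases learn from it only when the administrator supplies a label."""
    verdicts = []
    for x, admin_label in stream:
        verdicts.append(detector.check(x))
        if admin_label is not None:
            detector.learn(x, admin_label)
    return verdicts


def evaluate(verdicts: Sequence[str], truth: Sequence[str]) -> Tuple[float, float]:
    """Detection rate = flagged intrusions / intrusions; FPR = flagged normals / normals."""
    intr = [v for v, t in zip(verdicts, truth) if t == "intrusion"]
    norm = [v for v, t in zip(verdicts, truth) if t == "normal"]
    return (sum(v != NORMAL for v in intr) / len(intr),
            sum(v != NORMAL for v in norm) / len(norm))


def demo() -> Tuple[List[str], Tuple[float, float]]:
    det = OnlineDetector()
    # Constructed seed: the administrator's initial guidance.
    det.learn((0.10, 0.20, 0.30), "normal")
    det.learn((0.12, 0.22, 0.28), "normal")
    det.learn((0.90, 0.00, 0.00), "intrusion")
    # Constructed stream; the truth labels are used only for evaluation.
    stream = [
        ((0.11, 0.21, 0.29), None),         # ordinary traffic
        ((0.88, 0.02, 0.01), None),         # close to the seeded intrusion pattern
        ((0.50, 0.90, 0.10), "intrusion"),  # unseen pattern; admin confirms it afterwards
        ((0.52, 0.88, 0.12), None),         # same pattern again, now a known intrusion
        ((0.30, 0.25, 0.35), "normal"),     # drifted normal usage; admin corrects the alert
        ((0.31, 0.26, 0.34), None),         # accepted after the correction
    ]
    truth = ["normal", "intrusion", "intrusion", "intrusion", "normal", "normal"]
    verdicts = run_stream(det, stream)
    return verdicts, evaluate(verdicts, truth)
```

Record 3 shows the "unseen intrusion" path: it is far from both bases, so it is alerted as new without any stored signature, and after the administrator's label the very next instance is recognised as known. Record 5 shows the cost of that rule: legitimate usage that drifts away from the normal base is alerted too, which is what the false positive rate measures, and it is the administrator's label that moves the normal base to cover the new usage.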