CAJ | 학술논문

传统的网络入侵检测方法利用已知类型的攻击样本以离线的方式训练入侵检测模型，虽然对已知攻击类型具有较高的检测率，但是不能识别网络上新出现的攻击类型。这样的入侵检测系统存在着建立系统的速度慢、模型更新代价高等不足，面对规模日益扩大的网络和层出不穷的攻击，缺乏自适应性和扩展性，难以检测出网络上新出现的攻击类型。文中对GHSOM（Growing Hierarchical Self-Organizing Maps）神经网络模型进行了扩展，提出了一种基于增量式GHSOM神经网络模型的网络入侵检测方法，在不破坏已学习过的知识的同时，对在线检测过程中新出现的攻击类型进行增量式学习，实现对入侵检测模型的动态扩展。作者开发了一个基于增量式GHSOM神经网络模型的在线网络入侵检测原型系统，在局域网环境下开展了在线入侵检测实验。实验结果表明增量式GHSOM入侵检测方法具有动态自适应性，能够实现在线检测过程中对GHSOM模型的动态更新，而且对于网络上新出现的攻击类型，增量式GHSOM算法与传统GHSOM算法的检测率相当。
전통적망락입침검측방법이용이지류형적공격양본이리선적방식훈련입침검측모형，수연대이지공격류형구유교고적검측솔，단시불능식별망락상신출현적공격류형。저양적입침검측계통존재착건립계통적속도만、모형경신대개고등불족，면대규모일익확대적망락화층출불궁적공격，결핍자괄응성화확전성，난이검측출망락상신출현적공격류형。문중대GHSOM（Growing Hierarchical Self-Organizing Maps）신경망락모형진행료확전，제출료일충기우증량식GHSOM신경망락모형적망락입침검측방법，재불파배이학습과적지식적동시，대재선검측과정중신출현적공격류형진행증량식학습，실현대입침검측모형적동태확전。작자개발료일개기우증량식GHSOM신경망락모형적재선망락입침검측원형계통，재국역망배경하개전료재선입침검측실험。실험결과표명증량식GHSOM입침검측방법구유동태자괄응성，능구실현재선검측과정중대GHSOM모형적동태경신，이차대우망락상신출현적공격류형，증량식GHSOM산법여전통GHSOM산법적검측솔상당。
Traditional network intrusion detection models are usually trained in off-line way byusing available types of intrusion samples.Although those well-known types of intrusions can bedetected with higher detection rate,it is very difficult to detect those upcoming unknown types ofnetwork intrusions through the existing traditional network intrusion detection models.Theseintrusion detection systems have some defects:the systems are usually established in lower speedand the models are updated in higher cost.Besides,facing the increasing network scale and growingtypes of attacks,the existing intrusion detection systems are lack of adaptability and scalability.This paper expands the GHSOM(Growing Hierarchical Self-organizing Maps)neural networkmodel and presents a network intrusion detection method based on dynamic incremental GHSOMneural network model.The improved GHSOMmodel can be updated in a dynamic and incrementalway by using those online-collected new types of intrusion data during online intrusion detection.This incremental model can be online implemented to detect the new-emerging types of networkintrusions without destroying the existing knowledge in the GHSOMmodel.We developed anintrusion detection prototype system based on the incremental GHSOMalgorithm,and the onlineintrusion detection experiments are carried out under the experimental LAN environment.Theexperiment results show that the intrusion detection method based on the incremental GHSOMalgorithm presented in this paper is dynamic and self-adaptive.The dynamic update of the GHSOMmodel has been verified through the experiment.Besides,the detection rate of ourincremental GHSOMalgorithm is similar with that of the traditional GHSOMalgorithm throughthe comparative experiment for those new-emerging types of network intrusions.