计算机学报
計算機學報
계산궤학보
CHINESE JOURNAL OF COMPUTERS
2014年
5期
1216-1224
,共9页
杨雅辉%黄海珍%沈晴霓%吴中海%张英
楊雅輝%黃海珍%瀋晴霓%吳中海%張英
양아휘%황해진%침청예%오중해%장영
增量式学习%生长型分层自组织映射%入侵检测%神经网络%信息安全%网络安全
增量式學習%生長型分層自組織映射%入侵檢測%神經網絡%信息安全%網絡安全
증량식학습%생장형분층자조직영사%입침검측%신경망락%신식안전%망락안전
incremental learning%growing hierarchical SOM%intrusion detection%neural network%information security%network security
传统的网络入侵检测方法利用已知类型的攻击样本以离线的方式训练入侵检测模型,虽然对已知攻击类型具有较高的检测率,但是不能识别网络上新出现的攻击类型。这样的入侵检测系统存在着建立系统的速度慢、模型更新代价高等不足,面对规模日益扩大的网络和层出不穷的攻击,缺乏自适应性和扩展性,难以检测出网络上新出现的攻击类型。文中对GHSOM(Growing Hierarchical Self-Organizing Maps)神经网络模型进行了扩展,提出了一种基于增量式GHSOM神经网络模型的网络入侵检测方法,在不破坏已学习过的知识的同时,对在线检测过程中新出现的攻击类型进行增量式学习,实现对入侵检测模型的动态扩展。作者开发了一个基于增量式GHSOM神经网络模型的在线网络入侵检测原型系统,在局域网环境下开展了在线入侵检测实验。实验结果表明增量式GHSOM入侵检测方法具有动态自适应性,能够实现在线检测过程中对GHSOM模型的动态更新,而且对于网络上新出现的攻击类型,增量式GHSOM算法与传统GHSOM算法的检测率相当。
傳統的網絡入侵檢測方法利用已知類型的攻擊樣本以離線的方式訓練入侵檢測模型,雖然對已知攻擊類型具有較高的檢測率,但是不能識彆網絡上新齣現的攻擊類型。這樣的入侵檢測繫統存在著建立繫統的速度慢、模型更新代價高等不足,麵對規模日益擴大的網絡和層齣不窮的攻擊,缺乏自適應性和擴展性,難以檢測齣網絡上新齣現的攻擊類型。文中對GHSOM(Growing Hierarchical Self-Organizing Maps)神經網絡模型進行瞭擴展,提齣瞭一種基于增量式GHSOM神經網絡模型的網絡入侵檢測方法,在不破壞已學習過的知識的同時,對在線檢測過程中新齣現的攻擊類型進行增量式學習,實現對入侵檢測模型的動態擴展。作者開髮瞭一箇基于增量式GHSOM神經網絡模型的在線網絡入侵檢測原型繫統,在跼域網環境下開展瞭在線入侵檢測實驗。實驗結果錶明增量式GHSOM入侵檢測方法具有動態自適應性,能夠實現在線檢測過程中對GHSOM模型的動態更新,而且對于網絡上新齣現的攻擊類型,增量式GHSOM算法與傳統GHSOM算法的檢測率相噹。
전통적망락입침검측방법이용이지류형적공격양본이리선적방식훈련입침검측모형,수연대이지공격류형구유교고적검측솔,단시불능식별망락상신출현적공격류형。저양적입침검측계통존재착건립계통적속도만、모형경신대개고등불족,면대규모일익확대적망락화층출불궁적공격,결핍자괄응성화확전성,난이검측출망락상신출현적공격류형。문중대GHSOM(Growing Hierarchical Self-Organizing Maps)신경망락모형진행료확전,제출료일충기우증량식GHSOM신경망락모형적망락입침검측방법,재불파배이학습과적지식적동시,대재선검측과정중신출현적공격류형진행증량식학습,실현대입침검측모형적동태확전。작자개발료일개기우증량식GHSOM신경망락모형적재선망락입침검측원형계통,재국역망배경하개전료재선입침검측실험。실험결과표명증량식GHSOM입침검측방법구유동태자괄응성,능구실현재선검측과정중대GHSOM모형적동태경신,이차대우망락상신출현적공격류형,증량식GHSOM산법여전통GHSOM산법적검측솔상당。
Traditional network intrusion detection models are usually trained in off-line way byusing available types of intrusion samples.Although those well-known types of intrusions can bedetected with higher detection rate,it is very difficult to detect those upcoming unknown types ofnetwork intrusions through the existing traditional network intrusion detection models.Theseintrusion detection systems have some defects:the systems are usually established in lower speedand the models are updated in higher cost.Besides,facing the increasing network scale and growingtypes of attacks,the existing intrusion detection systems are lack of adaptability and scalability.This paper expands the GHSOM(Growing Hierarchical Self-organizing Maps)neural networkmodel and presents a network intrusion detection method based on dynamic incremental GHSOMneural network model.The improved GHSOMmodel can be updated in a dynamic and incrementalway by using those online-collected new types of intrusion data during online intrusion detection.This incremental model can be online implemented to detect the new-emerging types of networkintrusions without destroying the existing knowledge in the GHSOMmodel.We developed anintrusion detection prototype system based on the incremental GHSOMalgorithm,and the onlineintrusion detection experiments are carried out under the experimental LAN environment.Theexperiment results show that the intrusion detection method based on the incremental GHSOMalgorithm presented in this paper is dynamic and self-adaptive.The dynamic update of the GHSOMmodel has been verified through the experiment.Besides,the detection rate of ourincremental GHSOMalgorithm is similar with that of the traditional GHSOMalgorithm throughthe comparative experiment for those new-emerging types of network intrusions.