CAJ | 학술논문

伪装入侵是指非授权用户伪装成合法用户进入系统访问关键数据或执行非法操作的行为，现有伪装入侵检测方法大多通过获取用户敏感数据对用户特征进行建模。针对上述问题，提出一种基于网络流统计数据的伪装入侵检测方法，使用网络流统计数据作为用户特征，并结合AdaBoost与支持向量机对用户特征进行训练与预测。在一个真实网络抓包数据集上的实验结果表明，该方法能在有效抵御伪装入侵的同时不侵犯用户隐私，系统检测率为97.5%、误报率为1.1%，且系统检测延时仅为毫秒级，证明了其检测性能优于现有伪装入侵检测方法。
위장입침시지비수권용호위장성합법용호진입계통방문관건수거혹집행비법조작적행위，현유위장입침검측방법대다통과획취용호민감수거대용호특정진행건모。침대상술문제，제출일충기우망락류통계수거적위장입침검측방법，사용망락류통계수거작위용호특정，병결합AdaBoost여지지향량궤대용호특정진행훈련여예측。재일개진실망락조포수거집상적실험결과표명，해방법능재유효저어위장입침적동시불침범용호은사，계통검측솔위97.5%、오보솔위1.1%，차계통검측연시부위호초급，증명료기검측성능우우현유위장입침검측방법。
Masquerade intrusion is attack by unauthorized users to obtain access to confidential data or conduct other illegal operation. Currently, masquerade detection largely depends on the retrieval of user’s sensitive information to model the user characteristics. To avoid the violation of user privacy, this paper proposes a new masquerade intrusion detection method based on network flow statistical data. User Characteristic modeling is illustrated in details and a hybrid algorithm combining AdaBoost and Support Vector Machine(SVM) is also introduced to train and predict user behavior. Experiments on a real packet data set show that the method can resist masquerade intrusion, preserve user privacy, and its system detection rate is 97.5%, false positive rate is 1.1%when delay is in milliseconds, prove that the detection performance of this method is better than the existing methods.