| 会话属性优化的网络异常检测模型 |
| |
| 引用本文: | 彭新光,马晓丽.会话属性优化的网络异常检测模型[J].计算机工程与设计,2005,26(11):2945-2948. |
| |
| 作者姓名: | 彭新光 马晓丽 |
| |
| 作者单位: | 太原理工大学,计算机科学与技术系,山西,太原,030024;太原理工大学,计算机科学与技术系,山西,太原,030024 |
| |
| 基金项目: | 山西省自然科学基金项目(20041047). |
| |
| 摘 要: | 网络异常检测模型的检测性能在很大程度上依赖于网络会话属性,因网络会话属性在本质上刻画了网络行为模式。基于假设验证的实验分析手段,采用Tcpdump网络数据包作为实验数据源,在将数据包解析成具有基本属性的网络会话记录基础上,提出了一组简洁和精确的会话属性组合模式。实验结果表明,优化后的会话属性组合模式确实能够有效地提高网络异常检测模型‘对未知攻击的检测能力,采用基本属性、全部属性和任意部分属性训练检测模型,并不能获得良好的检测效果。
|
| 关 键 词: | 网络安全 会话属性 检测模型 |
| 文章编号: | 1000-7024(2005)11-2945-04 |
| 收稿时间: | 2004-10-08 |
| 修稿时间: | 2004-10-08 |
Network anomaly detection model of optimizing session attributes |
| |
| PENG Xin-guang,MA Xiao-li.Network anomaly detection model of optimizing session attributes[J].Computer Engineering and Design,2005,26(11):2945-2948. |
| |
| Authors: | PENG Xin-guang MA Xiao-li |
| |
| Affiliation: | Department of Computer Science and Technology, Taiyuan University of Technology, Taiyuan 030024, China |
| |
| Abstract: | The detection performance of network anomaly detection model depends on network session attributes to a great extent because session attributes characterize network behavior profile. Tcpdump network traffic packets were regarded as the experiment data set. Traffic packets were resolved into session records with basic attributes. A concise and exact combination pattern for session attributes is proposed based on what-if experiment analysis. The experiment results indicate that the optimized pattern for session attributes improves the detection performance of anomaly detection model against unknown attacks. Better detection effects are not achieved by training detection model with basic, full and arbitrary attributes. |
| |
| Keywords: | network security session attributes detection model |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
