共查询到19条相似文献,搜索用时 203 毫秒
1.
基于克隆选择聚类的入侵检测 总被引:1,自引:1,他引:1
白琳 《微电子学与计算机》2007,24(3):135-137,141
提出基于克隆选择的模糊聚类算法,将该聚类算法用于网络入侵检测。针对入侵数据的混合属性改进距离测度的计算方法,实现了对大规模混合属性原始数据的异常检测,并能有效检测到未知攻击。在KDDCUP99数据集中进行了对比仿真实验,实验结果表明算法对已知攻击和未知攻击的检测率以及算法的误誊率都是理想的。 相似文献
2.
为提高无线网络入侵检测模型的综合性能,该文将循环神经网络(RNN)算法用于构建无线网络入侵检测分类模型。针对无线网络入侵检测训练数据样本分布不均衡导致分类模型出现过拟合的问题,在对原始数据进行清洗、转换、特征选择等预处理基础上,提出基于窗口的实例选择算法精简训练数据集。对攻击分类模型的网络结构、激活函数和可复用性进行综合优化实验,得到最终优化模型,分类准确率达到98.6699%,综合优化后的运行时间为9.13 s。与其他机器学习算法结果比较,该优化方法在分类准确率和执行效率两个方面取得了很好的效果,综合性能优于传统的入侵检测分类模型。 相似文献
3.
康世瑜 《微电子学与计算机》2011,28(8):74-76
提出了一种基于SVM特征选择和C4.5数据挖掘算法的高效入侵检测模型.通过使用该模型对经过特征提取后的攻击数据的训练学习,可以有效地识别各种入侵,并提高检测速度.在经典的KDD 1999入侵检测数据集上的测试说明:该数据挖掘模型能够高效地对攻击模式进行训练学习,能够采用选择的特征正确有效地检测网络攻击. 相似文献
4.
基于网络攻击面自适应转换的移动目标防御技术是一种新型的网络防御技术,其核心包括入侵检测防御机制、自适应以及自适应跳变功能,设计模块包括数据包捕获模块、管理控制模块、入侵检测模块、访问控制模块、自适应模块,通过自适应模块能够自适应检测识别外界攻击,利用自适应转化算法,通过管理控制模块发出命令,将攻击转移到其他IP地址与端口、操作系统. 相似文献
5.
6.
模糊C-均值算法(FCM)广泛应用于入侵检测中,在其基础上为了更有效实现入侵数据的划分,应用了基于阴影集的粗糙模糊聚类算法(SRFCM).同时,为提高检测性能提出了一种新的"两步走"方法:首先运用算法将网络数据划分为正常和入侵两种类型,其次再运用算法将入侵数据划分为不同的攻击类型,有效提高了检测性能.本文采用KDDCUP1999数据集进行仿真实验,实验表明"两步走"方法在入侵检测中获得了较高的检测率. 相似文献
7.
8.
为了准确及时的进行DDoS攻击检测,提出了一种新的DDoS攻击检测算法。该算法在基于传统的小波分析检测DDoS攻击的基础上融入了主成分分析法和小波分析法中DDoS检测方法,并根据该算法设计相应的模型和算法来检测 DDoS 攻击,并且引入信息论中的信息熵对源IP地址的分散程度进行度量,根据初始阶段Hurst指数及熵值的变化自适应地设定阈值以检测攻击的发生。实验结果表明,该方法大幅度的提高了DDoS检测的速度。 相似文献
9.
10.
《现代电子技术》2015,(24):79-82
传统网络入侵目标检测方法存在漏报率高和对不确定入侵数据检测性能弱的缺陷,无法胜任混网网络安全检测的需要。针对混网网络结构特征,设计并实现了最优入侵目标检测软件,该软件包括负载均衡模块、误用检测模块、匹配算法自适应模块,并采用多核网络处理器的多个同构核当成混网入侵检测引擎。通过自适应多模式匹配模型,基于混网网络的状态、特征动态对模式匹配算法进行动态调控,确保入侵目标检测引擎的利用率最大化。该匹配模型包括规范预操作过程、流量检测过程以及动态调控过程。给出了混网网络结构下的数据包多核处理过程以及匹配算法的优化代码。实验结果说明,所设计入侵检测软件可实现混网下入侵目标的有效检测,具有较高的检测性能。 相似文献
11.
A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection 总被引:1,自引:0,他引:1
Extensive research activities have been observed on network-based intrusion detection systems (IDSs). However, there are always some attacks that penetrate trafficprofiling- based network IDSs. These attacks often cause very serious damages such as modifying host critical files. A host-based anomaly IDS is an effective complement to the network IDS in addressing this issue. This article proposes a simple data preprocessing approach to speed up a hidden Markov model (HMM) training for system-call-based anomaly intrusion detection. Experiments based on a public database demonstrate that this data preprocessing approach can reduce training time by up to 50 percent with unnoticeable intrusion detection performance degradation, compared to a conventional batch HMM training scheme. More than 58 percent data reduction has been observed compared to our prior incremental HMM training scheme. Although this maximum gain incurs more degradation of false alarm rate performance, the resulting performance is still reasonable. 相似文献
12.
13.
Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point. The raditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we construct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Machine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments. 相似文献
14.
The author puts forward an integrated intrusion detection (ID) model based on artificial immune (IIDAI), a vaccination strategy based on the significance degree of genes and a method to generate initial memory antibodies with rough set (RS). IIDAI integrates two kinds of intrusion detection mode: misuse detection and anonymous detection. Misuse detection and anonymous detection are applied to detect the known and the unknown attacks, respectively. On the basis of IIDAI model, an ID algorithm is presented. Simulation shows that the IIDAI has better performance than traditional ID methods in feasibility and effectiveness. It is very prone to achieve a higher convergence rate by using the vaccination strategy. Moreover, RS can remove the redundancy attributes and increase the detection speed. It can also increase detection rate by applying the integrated method. 相似文献
15.
16.
Tartakovsky A.G. Rozovskii B.L. Blazek R.B. Hongjoong Kim 《Signal Processing, IEEE Transactions on》2006,54(9):3372-3382
Large-scale computer network attacks in their final stages can readily be identified by observing very abrupt changes in the network traffic. In the early stage of an attack, however, these changes are hard to detect and difficult to distinguish from usual traffic fluctuations. Rapid response, a minimal false-alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. In this paper, we develop efficient adaptive sequential and batch-sequential methods for an early detection of attacks that lead to changes in network traffic, such as denial-of-service attacks, worm-based attacks, port-scanning, and man-in-the-middle attacks. These methods employ a statistical analysis of data from multiple layers of the network protocol to detect very subtle traffic changes. The algorithms are based on change-point detection theory and utilize a thresholding of test statistics to achieve a fixed rate of false alarms while allowing us to detect changes in statistical models as soon as possible. There are three attractive features of the proposed approach. First, the developed algorithms are self-learning, which enables them to adapt to various network loads and usage patterns. Secondly, they allow for the detection of attacks with a small average delay for a given false-alarm rate. Thirdly, they are computationally simple and thus can be implemented online. Theoretical frameworks for detection procedures are presented. We also give the results of the experimental study with the use of a network simulator testbed as well as real-life testing for TCP SYN flooding attacks. 相似文献
17.
Industrial control system was an important part of national critical infrastructure,once it was suffered from the cyber attack,it would cause property damage,casualties and other serious disasters.For providing theoretical supports to industrial security researchers,the features of attacks in an industrial control system and the difficulties of detection to these attacks were introduced.Then,a survey of intrusion detection technologies used by the industrial control systems was given.Also,the performance and characteristic were compared for the different types of detection technologies.Fi-nally,an industrial intrusion detection research was generated. 相似文献
18.
Mohammad Wazid Poonam Reshma Dsouza Ashok Kumar Das Vivekananda Bhat K Neeraj Kumar Joel J. P. C. Rodrigues 《International Journal of Communication Systems》2019,32(15)
Internet of Things (IoT) offers various types of application services in different domains, such as “smart infrastructure, health‐care, critical infrastructure, and intelligent transportation system.” The name edge computing signifies a corner or edge in a network at which traffic enters or exits from the network. In edge computing, the data analysis task happens very close to the IoT smart sensors and devices. Edge computing can also speed up the analysis process, which allows decision makers to take action within a short duration of time. However, edge‐based IoT environment has several security and privacy issues similar to those for the cloud‐based IoT environment. Various types of attacks, such as “replay, man‐in‐the middle, impersonation, password guessing, routing attack, and other denial of service attacks” may be possible in edge‐based IoT environment. The routing attacker nodes have the capability to deviate and disrupt the normal flow of traffic. These malicious nodes do not send packets (messages) to the edge node and only send packets to its neighbor collaborator attacker nodes. Therefore, in the presence of such kind of routing attack, edge node does not get the information or sometimes it gets the partial information. This further affects the overall performance of communication of edge‐based IoT environment. In the presence of such an attack, the “throughput of the network” decreases, “end‐to‐end delay” increases, “packet delivery ratio” decreases, and other parameters also get affected. Consequently, it is important to provide solution for such kind of attack. In this paper, we design an intrusion detection scheme for the detection of routing attack in edge‐based IoT environment called as RAD‐EI. We simulate RAD‐EI using the widely used “NS2 simulator” to measure different network parameters. Furthermore, we provide the security analysis of RAD‐EI to prove its resilience against routing attacks. RAD‐EI accomplishes around 95.0% “detection rate” and 1.23% “false positive rate” that are notably better than other related existing schemes. In addition, RAD‐EI is efficient in terms of computation and communication costs. As a result, RAD‐EI is a good match for some critical and sensitive applications, such as smart security and surveillance system. 相似文献
19.
Ci‐Bin Jiang I‐Hsien Liu Yao‐Nien Chung Jung‐Shian Li 《International Journal of Network Management》2016,26(3):156-175
The current network‐based intrusion detection systems have a very high rate of false alarms, and this phenomena results in significant efforts to gauge the threat level of the anomalous traffic. In this paper, we propose an intrusion detection mechanism based on honeypot log similarity analysis and data mining techniques to predict and block suspicious flows before attacks occur. With honeypot logs and association rule mining, our approach can reduce the false alarm problem of intrusion detection because only suspicious traffic would be present in the honeypots. The proposed mechanism can reduce human effort, and the entire system can operate automatically. The results of our experiments indicate that the honeypot prediction system is practical for protecting assets from attacks or misuse. 相似文献