Similar Literature
 Found 20 similar documents; search took 156 ms
1.
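Building on the centralized management and global control advantages of software-defined networking (SDN), an intelligent intrusion detection system architecture model is proposed. Based on this model, different machine learning algorithms can be used dynamically to inspect intrusion data flows, improving the system's detection performance. To address the multi-feature and imbalanced nature of intrusion data flows, this paper proposes an improved random forest algorithm that raises classification accuracy by dynamically updating the weights of the decision trees. The improved algorithm is trained and tested on the KDD CUP99 dataset; the experimental results show that it achieves clear improvements in metrics such as detection precision and cost, validating the effectiveness of the new model and the new algorithm.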

2.
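Based on an analysis of intrusion detection systems, the shortcomings of existing rule-matching algorithms are pointed out. A new rule-matching algorithm is proposed that mainly uses inexact matching to narrow the detection range of intrusion classification and so achieve fast matching. With different thresholds set according to different security requirements, the algorithm can be used to predict the suspicious intrusion behavior appropriate to each threshold.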

3.
李文法  李超  段洣毅 《高技术通讯》2011,(12):1240-1245
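A new feature selection algorithm for network intrusion detection, the VFSA-C4.5 algorithm, is proposed. The algorithm uses a fast simulated annealing (VFSA) search strategy to search the feature-subset space randomly, and then uses the classification error rate of the supplied data on a C4.5 decision tree as the evaluation criterion for feature subsets, in order to obtain the optimal feature subset for intrusion detection. Extensive experiments were carried out on the well-known KDD1999 intrusion detection dataset, and the results show that, compared with...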

4.
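Research and Improvement of Pattern Matching Algorithms for Intrusion Detection   Total citations: 1, self-citations: 0, citations by others: 1
Pattern matching algorithms are the core technology behind rule-based detection, and their efficiency directly affects the accuracy and real-time performance of an intrusion detection system. Through an analysis of traditional pattern matching algorithms such as the BM and BMH algorithms, an improved pattern matching algorithm based on the BM skip idea is proposed; it simplifies the initialization process and enlarges the backward skip distance after a failed match. In testing, the new algorithm effectively reduces the number of comparisons relative to the original algorithm and improves pattern matching efficiency.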

5.
崇阳 《硅谷》2013,(15):43-44
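An intrusion detection system (IDS) provides strong assurance for network security; it complements firewall security technology and is an active network security protection technology. The genetic algorithm (GA) is an optimization of traditional search methods; applied in intrusion detection systems, it can effectively improve the detection efficiency of the IDS, reduce the detection error rate, and markedly improve the operating efficiency of the IDS. This paper analyzes and discusses the application of genetic algorithms in intrusion detection.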

6.
刘征 《硅谷》2011,(6):42-42
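Anomaly-based intrusion detection technology can effectively protect computer systems and networks from damage by malicious activity. Anomaly detection can detect new attack behavior and is a focus of intrusion detection system development. However, this approach is not yet fully mature. The paper first introduces the functions, general model and classification of intrusion detection, then reviews several commonly used anomaly-based intrusion detection techniques, and finally lists the challenges that current anomaly detection systems face.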

7.
张敏 《硅谷》2009,(17)
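Based on data mining techniques and aimed at the shortcomings of current intrusion detection systems, a hierarchical clustering algorithm is combined with the fuzzy c-means algorithm to design an improved intrusion detection system. Experiments show that the system has a high detection rate and good adaptability.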

8.
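Applying intrusion detection algorithms directly to rough data makes intrusion detection analysis very inefficient. To solve this problem, an intrusion detection method based on principal component analysis is proposed. The method extracts the relevant information from network connections, decodes it, and compares the decoded network connection records with known network connection record data to find changes in the records and the principal components of the connection-record distribution; finally, it combines machine learning methods with principal component analysis to perform intrusion detection. Experimental results show that, applied to various KDD99 intrusion detection datasets, the method effectively reduces learning time, reduces the representation space of the datasets, and improves intrusion detection efficiency.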

9.
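Based on an analysis of the rule-matching algorithms of existing network-based intrusion detection systems, a rule-matching method based on hash functions is proposed. Comparison with the existing network intrusion detection system Snort [1] shows that the system's matching speed is higher than Snort's.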

10.
李际磊 《硅谷》2014,(23):41-42
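Current intrusion detection systems (IDS) mainly use two analysis techniques: misuse detection and anomaly detection [1-2]. The shortcoming of misuse detection is that it cannot detect unknown anomalous behavior or malicious code. Anomaly-based intrusion detection does not need to know the characteristics of intrusion behavior in advance; it assumes that when a user's system is attacked or intruded upon, it will exhibit behavior that differs from the usual, and uses this as the basis for detection. It has high detection efficiency, does not depend on a prior knowledge base, and can detect unknown anomalies. This paper proposes a detection method that identifies anomalous network behavior through statistical analysis of factors such as IP, port, traffic, period and time. With algorithm optimization and experimental verification, the method achieves high detection accuracy for common network behaviors such as DDoS attacks, worm scanning and Trojan data theft.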

11.
付蕾 《中国科技博览》2009,(36):342-342
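Intrusion detection collects and analyzes information from key nodes of computer networks and computer systems. Because of the widespread use of high-speed and switched networks, the emergence and development of new attack methods typified by distributed denial-of-service attacks, and the unresolved problems of low efficiency and high false-positive and false-negative rates in existing intrusion detection systems, intrusion detection technology is now at a critical stage of development. Protocol analysis is a key technique in network intrusion detection, but it cannot handle attacks contained in multiple packets. To address this problem, this paper proposes a detection technique based on stateful protocol analysis: it builds a finite automaton (Finite Automata, FA) to constrain the network and uses the language generated by regular expressions to describe a series of normal state transitions, making full use of protocol state information to detect intrusions.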

12.
R BHARGAVI  V VAIDEHI 《Sadhana》2013,38(2):169-185
Complex Event Processing (CEP) is an emerging technology for processing and identifying patterns of interest from multiple streams of events in real/near real time. Sensor network-based security and surveillance is a topic of recent research where events generated from distributed sensors at an unpredictable rate need to be analysed for possible threats and respond in a timely manner. Traditional software architectures like client/server architecture where the interactions are pull-based (DBMS) do not target the efficient processing of streams of events in real time. CEP which is a push-based system can process streaming data to identify the intrusion patterns in near real time and respond to the threats. An Intrusion Detection System (IDS) based on single sensor may fail to give accurate identification of intrusion. Hence there is a need for multisensor based IDS. A multisensor-based IDS enables identification of the intrusion patterns semantically by correlating the events and context information provided by multiple sensors. JDL multisource data fusion model is a well-known research model first established by the Joint Directorate Laboratories. This paper proposes JDL fusion framework-based CEP for semantic intrusion detection. The events generated from heterogeneous sensors are collected, aggregated using logical and spatiotemporal relations to form complex events which model the intrusion patterns. The proposed system is implemented and the results show that the proposed system outperforms the pull-based solutions in terms of detection accuracy and detection time.

13.
In recent years, progressive developments have been observed in recent technologies and the production cost has been continuously decreasing. In such scenario, Internet of Things (IoT) network which is comprised of a set of Unmanned Aerial Vehicles (UAV), has received more attention from civilian to military applications. But network security poses a serious challenge to UAV networks whereas the intrusion detection system (IDS) is found to be an effective process to secure the UAV networks. Classical IDSs are not adequate to handle the latest computer networks that possess maximum bandwidth and data traffic. In order to improve the detection performance and reduce the false alarms generated by IDS, several researchers have employed Machine Learning (ML) and Deep Learning (DL) algorithms to address the intrusion detection problem. In this view, the current research article presents a deep reinforcement learning technique, optimized by Black Widow Optimization (DRL-BWO) algorithm, for UAV networks. In addition, DRL involves an improved reinforcement learning-based Deep Belief Network (DBN) for intrusion detection. For parameter optimization of DRL technique, BWO algorithm is applied. It helps in improving the intrusion detection performance of UAV networks. An extensive set of experimental analysis was performed to highlight the supremacy of the proposed model. From the simulation values, it is evident that the proposed method is appropriate as it attained high precision, recall, F-measure, and accuracy values such as 0.985, 0.993, 0.988, and 0.989 respectively.

14.
With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Support Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time.

15.
Networks provide a significant function in everyday life, and cybersecurity therefore developed a critical field of study. The Intrusion detection system (IDS) becoming an essential information protection strategy that tracks the situation of the software and hardware operating on the network. Notwithstanding advancements of growth, current intrusion detection systems also experience difficulties in enhancing detection precision, growing false alarm levels and identifying suspicious activities. In order to address above mentioned issues, several researchers concentrated on designing intrusion detection systems that rely on machine learning approaches. Machine learning models will accurately identify the underlying variations among regular information and irregular information with incredible efficiency. Artificial intelligence, particularly machine learning methods can be used to develop an intelligent intrusion detection framework. There in this article in order to achieve this objective, we propose an intrusion detection system focused on a Deep extreme learning machine (DELM) which first establishes the assessment of safety features that lead to their prominence and then constructs an adaptive intrusion detection system focusing on the important features. In the moment, we researched the viability of our suggested DELM-based intrusion detection system by conducting dataset assessments and evaluating the performance factors to validate the system reliability. The experimental results illustrate that the suggested framework outclasses traditional algorithms. In fact, the suggested framework is not only of interest to scientific research but also of functional importance.

16.
The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection.

17.
Cloud computing provides easy and on-demand access to computing resources in a configurable pool. The flexibility of the cloud environment attracts more and more network services to be deployed on the cloud using groups of virtual machines (VMs), instead of being restricted to a single physical server. When more and more network services are deployed on the cloud, the detection of intrusions like Distributed Denial-of-Service (DDoS) attacks becomes much more challenging than that on the traditional servers because even a single network service now is possibly provided by groups of VMs across the cloud system. In this paper, we propose a cloud-based intrusion detection system (IDS) which inspects the features of data flow between neighboring VMs, analyzes the probability of being attacked on each pair of VMs and then regards it as independent evidence using Dempster-Shafer theory, and eventually combines the evidence among all pairs of VMs using the method of evidence fusion. Unlike the traditional IDS that focus on analyzing the entire network service externally, our proposed algorithm makes full use of the internal interactions between VMs, and the experiment proved that it can provide more accurate results than the traditional algorithm.

18.
Intrusion detection/prevention is the greatest security challenge at virtual network layer of Cloud computing. To address this challenge, there have been several security frameworks reported. However, still there is a scope of addressing newer challenges. Here, we propose a security framework to detect network intrusions in Cloud computing. This framework uses Snort and combination of different classifiers, viz Bayesian, Associative and Decision tree. We deploy our intrusion detection system (IDS) sensors on each host machine of Cloud. These sensors correlate intrusive alerts from each region of Cloud in order to identify distributed attacks. For feasibility analysis and functional validation of this framework, we perform different experiments in real time and offline simulation.

19.
蔡旻甫 《中国测试》2013,(2):106-109
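This paper studies intrusion detection and prevention technology in cloud computing network environments. Building on a summary of traditional intrusion detection technology, it conducts a fairly comprehensive study of intrusion detection systems in the cloud computing environment and develops a network intrusion prevention system based on neural network technology. For the intrusion detection module, it focuses on analyzing the data capture, behavior rule matching and neural network discrimination modules, and verifies the implementation through concrete tests.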

20.
This paper presents a comprehensive method for evaluating intrusion detection systems (IDSs). It integrates and extends ROC (receiver operating characteristic) and cost analysis methods to provide an expected cost metric. Results are given for determining the optimal operation of an IDS based on this expected cost metric. Results are given for the operation of a single IDS and for a combination of two IDSs. The method is illustrated for: 1) determining the best operating point for a single and double IDS based on the costs of mistakes and the hostility of the operating environment as represented in the prior probability of intrusion and 2) evaluating single and double IDSs on the basis of expected cost. A method is also described for representing a compound IDS as an equivalent single IDS. Results are presented from the point of view of a system administrator, but they apply equally to designers of IDSs.
