计算机网络入侵检测系统

随着网络技术的快速发展,网络入侵事件的发生也渐渐的增多。从网络安全立体、纵深、多层次防御的角度出发,入侵检测系统和技术得到的高度重视。本文在对计算机网络入侵检测系统的介绍的基础上,重点对其工作过程及关键技术和当前存在的问题进行了研究和分析。     

计算机网络入侵检测技术发展

计算机互联网的爆炸式增长以及基于因特网的电子商务的增加使得网络安全成为网络设计的一个重要因素。因此,开展网络安全特别是入侵攻击与防范技术的研究,开发急需的、高效实用的网络入侵检测系统,对计算机网络的发展和网络信息的建设与应用都具有重要意义。入侵检测系统作为安全防御的第二道防线,是网络防火墙的有益补充,它能够用于检测出各种形式的入侵行为,是安全防御体系的一个重要组成部分。     

基于高校网络环境的入侵检测方案的思考

"计算机网络技术"正在给高校网络环境带来一场深刻的变革,入侵检测方案将成为主流监控手段。探讨高校网络环境下的入侵检测方案已经成为网络安全的防御工作的必然选择。提出基于高校网络环境的入侵检测方案的构思,分析入侵检测方案环境的发展,包括发展方向和关键技术;给出基于入侵检测方案的高校网络环境实现的流程。虽然还有待于实验和检测,但基于高校网络环境的入侵检测方案的理念,相信能够成为新的监控技术发展的亮点。     

基于入侵检测的防火墙策略研究

防火墙是预防网络入侵的一种重要的技术。入侵检测是安全防御体系中继防火墙、数据加密等传统安全保护措施后又一项重要的安全保障技术,可以在入侵的全过程对系统进行实时检测与监控,本文对主机入侵检测技术和防火墙进行了深入的分析和总结,指出了两者的优、缺点,讨论了防火墙与主机入侵检测系统的联动。     

基于机器学习的入侵检测系统

入侵检测系统是保障网络信息安全的重要手段,针对现有的入侵检测技术存在的不足.提出了基于机器学习的入侵检测系统的实现方案.简要介绍几种适合用于入侵检测系统中的机器学习算法,重点阐述基于神经网络、数据挖掘和人工免疫技术的入侵检测系统的性能特点.     

ANFIDS:基于模糊神经网络的自适应入侵检测系统

在研究和分析现有网络入侵检测技术的基础上,提出了一种基于神经网络和模糊推理技术的自适应入侵检测系统（ANFIDS）。该系统运用模糊理论把安全参数模糊化,使得系统能更好地描述网络流量特性与攻击的关系,从而更精确地捕获攻击行为,同时利用网络流量对隶属度函数和模糊规则进行调整和优化。实验结果表明,训练后的ANFIDS系统能够检测网络的异常行为并有效地减低误报率。     

智能神经网络在Internet入侵检测中的应用

探讨了一个基于智能神经网络的网络入侵检测系统模型，在对网络中的IP数据包进行分析处理以及特征提取的基础上，采用智能神经网络进行学习或判别，以达到对未知数据包进行检测的目的，智能神经网络可以将多种多样的入侵检测任务划分为多个单一的检测任务，并将这些任务分配给功能专一，结构简单的较小的智能神经网络来完成，实验证明这是一种行之有效的网络入侵检测的解决方法。     

浅析基于军用网络安全的IDS技术

未来的战场将是网络化战场,网络进攻、网络防御等作战样式纷纷出现。而所有这些都是围绕着网络入侵和网络防护进行的,网络入侵和网络防护将成为决定战争和战役战斗胜负的根本,网络入侵及入侵检测技术将成为作战中的关键。     

医疗系统架构下的信息安全研究

计算机技术和远程通信技术的飞速发展,推动医疗卫生事业运行模式的改革。医疗信息或行为的数字化,为信息的共享、存储、使用和传输提供方便。与此同时我们不得不关注信息在各个环节的安全性问题。在对其现有的入侵防御系统基本原理进行介绍的基础上,讨论人工智能、神经网络、数据挖掘在入侵防御系统中的应用。     

网络入侵防御技术研究

目前网络安全领域面临着严重的威胁,传统防火墙技术加传统入侵检测技术,已经无法应对。在这种情况下,入侵防御技术应运而生,它对那些被明确判断为攻击行为,会对网络、数据造成危害的恶意行为主动进行检测和防御,降低了使用者对异常状况的处理资源开销,是一种侧重于风险控制的安全技术。     

Multi-VMs Intrusion Detection for Cloud Security Using Dempster-shafer Theory

Cloud computing provides easy and on-demand access to computing resources in a configurable pool. The flexibility of the cloud environment attracts more and more network services to be deployed on the cloud using groups of virtual machines (VMs), instead of being restricted on a single physical server. When more and more network services are deployed on the cloud, the detection of the intrusion likes Distributed Denial-of-Service (DDoS) attack becomes much more challenging than that on the traditional servers because even a single network service now is possibly provided by groups of VMs across the cloud system. In this paper, we propose a cloud-based intrusion detection system (IDS) which inspects the features of data flow between neighboring VMs, analyzes the probability of being attacked on each pair of VMs and then regards it as independent evidence using Dempster-Shafer theory, and eventually combines the evidence among all pairs of VMs using the method of evidence fusion. Unlike the traditional IDS that focus on analyzing the entire network service externally, our proposed algorithm makes full use of the internal interactions between VMs, and the experiment proved that it can provide more accurate results than the traditional algorithm.     

Intrusion Detection Based on Bidirectional Long Short-Term Memory with Attention Mechanism

With the recent developments in the Internet of Things (IoT), the amount of data collected has expanded tremendously, resulting in a higher demand for data storage, computational capacity, and real-time processing capabilities. Cloud computing has traditionally played an important role in establishing IoT. However, fog computing has recently emerged as a new field complementing cloud computing due to its enhanced mobility, location awareness, heterogeneity, scalability, low latency, and geographic distribution. However, IoT networks are vulnerable to unwanted assaults because of their open and shared nature. As a result, various fog computing-based security models that protect IoT networks have been developed. A distributed architecture based on an intrusion detection system (IDS) ensures that a dynamic, scalable IoT environment with the ability to disperse centralized tasks to local fog nodes and which successfully detects advanced malicious threats is available. In this study, we examined the time-related aspects of network traffic data. We presented an intrusion detection model based on a two-layered bidirectional long short-term memory (Bi-LSTM) with an attention mechanism for traffic data classification verified on the UNSW-NB15 benchmark dataset. We showed that the suggested model outperformed numerous leading-edge Network IDS that used machine learning models in terms of accuracy, precision, recall and F1 score.     

Prediction of Cloud Ranking in a Hyperconverged Cloud Ecosystem Using Machine Learning

Cloud computing is becoming popular technology due to its functional properties and variety of customer-oriented services over the Internet. The design of reliable and high-quality cloud applications requires a strong Quality of Service QoS parameter metric. In a hyperconverged cloud ecosystem environment, building high-reliability cloud applications is a challenging job. The selection of cloud services is based on the QoS parameters that play essential roles in optimizing and improving cloud rankings. The emergence of cloud computing is significantly reshaping the digital ecosystem, and the numerous services offered by cloud service providers are playing a vital role in this transformation. Hyperconverged software-based unified utilities combine storage virtualization, compute virtualization, and network virtualization. The availability of the latter has also raised the demand for QoS. Due to the diversity of services, the respective quality parameters are also in abundance and need a carefully designed mechanism to compare and identify the critical, common, and impactful parameters. It is also necessary to reconsider the market needs in terms of service requirements and the QoS provided by various CSPs. This research provides a machine learning-based mechanism to monitor the QoS in a hyperconverged environment with three core service parameters: service quality, downtime of servers, and outage of cloud services.     

Fuzzy Based Latent Dirichlet Allocation for Intrusion Detection in Cloud Using ML

The growth of cloud in modern technology is drastic by provisioning services to various industries where data security is considered to be common issue that influences the intrusion detection system (IDS). IDS are considered as an essential factor to fulfill security requirements. Recently, there are diverse Machine Learning (ML) approaches that are used for modeling effectual IDS. Most IDS are based on ML techniques and categorized as supervised and unsupervised. However, IDS with supervised learning is based on labeled data. This is considered as a common drawback and it fails to identify the attack patterns. Similarly, unsupervised learning fails to provide satisfactory outcomes. Therefore, this work concentrates on semi-supervised learning model known as Fuzzy based semi-supervised approach through Latent Dirichlet Allocation (F-LDA) for intrusion detection in cloud system. This helps to resolve the aforementioned challenges. Initially, LDA gives better generalization ability for training the labeled data. Similarly, to handle the unlabelled data, Fuzzy model has been adopted for analyzing the dataset. Here, pre-processing has been carried out to eliminate data redundancy over network dataset. In order to validate the efficiency of F-LDA towards ID, this model is tested under NSL-KDD cup dataset is a common traffic dataset. Simulation is done in MATLAB environment and gives better accuracy while comparing with benchmark standard dataset. The proposed F-LDA gives better accuracy and promising outcomes than the prevailing approaches.     

M-IDM: A Multi-Classification Based Intrusion Detection Model in Healthcare IoT

In recent years, the application of a smart city in the healthcare sector via loT systems has continued to grow exponentially and various advanced network intrusions have emerged since these loT devices are being connected. Previous studies focused on security threat detection and blocking technologies that rely on testbed data obtained from a single medical IoT device or simulation using a well-known dataset, such as the NSL-KDD dataset. However, such approaches do not reflect the features that exist in real medical scenarios, leading to failure in potential threat detection. To address this problem, we proposed a novel intrusion classification architecture known as a Multi-class Classification based Intrusion Detection Model (M-IDM), which typically relies on data collected by real devices and the use of convolutional neural networks (i.e., it exhibits better performance compared with conventional machine learning algorithms, such as naïve Bayes, support vector machine (SVM)). Unlike existing studies, the proposed architecture employs the actual healthcare IoT environment of National Cancer Center in South Korea and actual network data from real medical devices, such as a patient’s monitors (i.e., electrocardiogram and thermometers). The proposed architecture classifies the data into multiple classes: Critical, informal, major, and minor, for intrusion detection. Further, we experimentally evaluated and compared its performance with those of other conventional machine learning algorithms, including naïve Bayes, SVM, and logistic regression, using neural networks.     

Central Aggregator Intrusion Detection System for Denial of Service Attacks

Vehicle-to-grid technology is an emerging field that allows unused power from Electric Vehicles (EVs) to be used by the smart grid through the central aggregator. Since the central aggregator is connected to the smart grid through a wireless network, it is prone to cyber-attacks that can be detected and mitigated using an intrusion detection system. However, existing intrusion detection systems cannot be used in the vehicle-to-grid network because of the special requirements and characteristics of the vehicle-to-grid network. In this paper, the effect of denial-of-service attacks of malicious electric vehicles on the central aggregator of the vehicle-to-grid network is investigated and an intrusion detection system for the vehicle-to-grid network is proposed. The proposed system, central aggregator–intrusion detection system (CA-IDS), works as a security gateway for EVs to analyze and monitor incoming traffic for possible DoS attacks. EVs are registered with a Central Aggregator (CAG) to exchange authenticated messages, and malicious EVs are added to a blacklist for violating a set of predefined policies to limit their interaction with the CAG. A denial of service (DoS) attack is simulated at CAG in a vehicle-to-grid (V2G) network manipulating various network parameters such as transmission overhead, receiving capacity of destination, average packet size, and channel availability. The proposed system is compared with existing intrusion detection systems using different parameters such as throughput, jitter, and accuracy. The analysis shows that the proposed system has a higher throughput, lower jitter, and higher accuracy as compared to the existing schemes.     

一种基于注意机制和卷积神经网络的视觉模型

针对目前的深度卷积神经网络(CNN)模型规模大、训练参数多、计算速度慢以及难以移植到移动端等问题,提出了一种深度可分离卷积结合3重注意机制模块(DSC-TAM)的视觉模型。首先,通过深度可分离卷积网络来减少模型参数,提高网络模型的计算速度;其次,引入3重注意机制模块提高网络的特征提取能力,改善网络性能。实验结果表明:该方法的识别率可达99.63%,模型规模降低了13%;与标准卷积神经网络视觉模型及其他方法比较,在保证识别精度的同时减少了网络模型的大小。     

Practical Reliability and Maintainability Analysis Tool for an Open Source Cloud Computing

We focus on a cloud computing environment by using open source softwares such as OpenStack and Eucalyptus because of the unification management of data and low cost. A cloud computing is attracting attention as a network service to share the computing resources, that is, networks, servers, storage, applications, and services. We propose jump diffusion models based on stochastic differential equations in order to consider the interesting aspect of the provisioning process. Especially, the reliability and maintainability analysis tool for cloud computing is developed in this paper. Also, we analyze actual data to show numerical illustrations of application of the software analysis tool considering the characteristics of cloud computing. Copyright © 2015 John Wiley & Sons, Ltd.     

A Secure Method for Data Storage and Transmission in Sustainable Cloud Computing

Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data Storing in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays; most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The implementation of a modified RSA algorithm results guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover; the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.