多线程TCP/IP协议还原技术的研究

就网络入侵检测系统的网络协议还原技术提出并实现了一套多线程并行的TCP／IP协议还原方案(PactNidsLib)。方案解决了共享内存对称多处理器体系结构(SMP)下网络入侵检测系统的性能扩展问题。同时还针对SMP结构下存在的负载均衡和并发临界区问题对方案进行了优化。     

入侵检测系统探讨

当今世界,互联网迅猛发展,人们在充分享受信息资源共享极大便利的同时,基于互联网的广域开放性,也使网络被攻击和破坏的风险大大增加,各种攻击事件与入侵手法层出不穷,由此催生市场对于网络安全产品的需求不断增加。使用防火墙、访问控制、加密技术等传统的安全技术和产品,在入侵技术快速发展的新形势下,逐步暴露出其局限性。入侵检测系统是继防火墙之后计算机网络安全系统保护的第二道安全闸门,主要收集计算机网络或计算机系统中若干关键点的信息并对其进行分析,从而发现网络或系统中是否存在违反安全策略的行为或被攻击的迹象,引入入侵检测系统,并对入侵检测的分类和存在的问题进行分析与研究,最后分析入侵检测发展方向。     

入侵检测系统的发展研究趋势分析

近年来网络技术迅猛发展,人们与网络的关系也越来越密切了。同时一个突出的问题也摆在人们的面前:那就是网络安全问题。既然谈到网络安全,那么我们就不得不来讨论防火墙和入侵检测系统。本文在介绍入侵检测系统的基本概念、发展及系统模型的基础上,对局域网中入侵检测系统的分类、建立及入侵过程的分析与防范进行了描述。     

基于协议分析的入侵检测系统研究与设计

本文对入侵检测关键技术中的协议分析技术、协议规则特征的匹配等做了研究,把网络异常检测中的协议分析技术与传统的模式匹配技术相结合,通过高度规则的网络协议优势来减少系统的工作复杂度,利用模式匹配方式来确保检测的准确性和降低漏报率。     

计算机网络入侵检测系统

随着网络技术的快速发展,网络入侵事件的发生也渐渐的增多。从网络安全立体、纵深、多层次防御的角度出发,入侵检测系统和技术得到的高度重视。本文在对计算机网络入侵检测系统的介绍的基础上,重点对其工作过程及关键技术和当前存在的问题进行了研究和分析。     

网络入侵检测系统研究

针对网络入侵检测系统的几个瓶颈,对网络入侵检测系统做研究.在此基础上设计一个整体策略,并给出网络入侵检测系统的基本实现,最后给出基于CEV规则库的应用.     

入侵检测系统在计算机网络安全的运用

随着计算机网络技术的不断发展,人们对网络安全也越来越重视。将对入侵检测系统在计算机网络安全的运用展开探讨,并对其概念、运用过程及作用等方面进行分析,其实际情况如下。     

计算机网络入侵检测中免疫机制的应用研究

本文就主要针对免疫机制的产生原理、功能目标的实现方式、功能完善的手段以及未来的发展方向等进行了详尽的探究,总结得出计算机网络入侵检测中免疫机制的应用效应,希望能够通过本文的探究,为相关的人员带来一定的参考和借鉴。     

克隆选择算法在入侵检测系统中的应用

将克隆选择算法应用于入侵检测系统中,利用克隆选择的原理和规则来达到检测和响应入侵行为的效果。数据经过克隆,变异和自然选择的处理之后,能够更好地检测到可疑入侵行为,有效改善入侵数据的漏报现象。     

入侵检测技术

1入侵检溯技术发展历史 1．1什么是入侵检测技术 说到网络安全防护,最常用的设备是防火墙。防火墙是通过预先定义规则并依据规则对访问进行过滤的一种设备;防火墙能利用封包的多样属性来进行过滤,例如：来源IP地址、来源端口号、目的IP地址或端口号、服务类型（如WWW或是FTP）。     

MEM-TET: Improved Triplet Network for Intrusion Detection System

With the advancement of network communication technology, network traffic shows explosive growth. Consequently, network attacks occur frequently. Network intrusion detection systems are still the primary means of detecting attacks. However, two challenges continue to stymie the development of a viable network intrusion detection system: imbalanced training data and new undiscovered attacks. Therefore, this study proposes a unique deep learning-based intrusion detection method. We use two independent in-memory autoencoders trained on regular network traffic and attacks to capture the dynamic relationship between traffic features in the presence of unbalanced training data. Then the original data is fed into the triplet network by forming a triplet with the data reconstructed from the two encoders to train. Finally, the distance relationship between the triples determines whether the traffic is an attack. In addition, to improve the accuracy of detecting unknown attacks, this research proposes an improved triplet loss function that is used to pull the distances of the same class closer while pushing the distances belonging to different classes farther in the learned feature space. The proposed approach’s effectiveness, stability, and significance are evaluated against advanced models on the Android Adware and General Malware Dataset (AAGM17), Knowledge Discovery and Data Mining Cup 1999 (KDDCUP99), Canadian Institute for Cybersecurity Group’s Intrusion Detection Evaluation Dataset (CICIDS2017), UNSW-NB15, Network Security Lab-Knowledge Discovery and Data Mining (NSL-KDD) datasets. The achieved results confirmed the superiority of the proposed method for the task of network intrusion detection.     

Improving the Detection Rate of Rarely Appearing Intrusions in Network-Based Intrusion Detection Systems

In network-based intrusion detection practices, there are more regular instances than intrusion instances. Because there is always a statistical imbalance in the instances, it is difficult to train the intrusion detection system effectively. In this work, we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances. Our technique mitigates the statistical imbalance in these instances. We also carried out an experiment on the training model by increasing the instances, thereby increasing the attack instances step by step up to 13 levels. The experiments included not only known attacks, but also unknown new intrusions. The results are compared with the existing studies from the literature, and show an improvement in accuracy, sensitivity, and specificity over previous studies. The detection rates for the remote-to-user (R2L) and user-to-root (U2L) categories are improved significantly by adding fewer instances. The detection of many intrusions is increased from a very low to a very high detection rate. The detection of newer attacks that had not been used in training improved from 9% to 12%. This study has practical applications in network administration to protect from known and unknown attacks. If network administrators are running out of instances for some attacks, they can increase the number of instances with rarely appearing instances, thereby improving the detection of both known and unknown new attacks.     

Enhance Intrusion Detection in Computer Networks Based on Deep Extreme Learning Machine

Networks provide a significant function in everyday life, and cybersecurity therefore developed a critical field of study. The Intrusion detection system (IDS) becoming an essential information protection strategy that tracks the situation of the software and hardware operating on the network. Notwithstanding advancements of growth, current intrusion detection systems also experience dif- ficulties in enhancing detection precision, growing false alarm levels and identifying suspicious activities. In order to address above mentioned issues, several researchers concentrated on designing intrusion detection systems that rely on machine learning approaches. Machine learning models will accurately identify the underlying variations among regular information and irregular information with incredible efficiency. Artificial intelligence, particularly machine learning methods can be used to develop an intelligent intrusion detection framework. There in this article in order to achieve this objective, we propose an intrusion detection system focused on a Deep extreme learning machine (DELM) which first establishes the assessment of safety features that lead to their prominence and then constructs an adaptive intrusion detection system focusing on the important features. In the moment, we researched the viability of our suggested DELMbased intrusion detection system by conducting dataset assessments and evaluating the performance factors to validate the system reliability. The experimental results illustrate that the suggested framework outclasses traditional algorithms. In fact, the suggested framework is not only of interest to scientific research but also of functional importance.     

A Hybrid Approach for Network Intrusion Detection

Due to the widespread use of the internet and smart devices, various attacks like intrusion, zero-day, Malware, and security breaches are a constant threat to any organization's network infrastructure. Thus, a Network Intrusion Detection System (NIDS) is required to detect attacks in network traffic. This paper proposes a new hybrid method for intrusion detection and attack categorization. The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization. In the first step, the dataset is preprocessed through the data transformation technique and min-max method. Secondly, the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model's performance. Next, we use various Support Vector Machine (SVM) types to detect intrusion and the Adaptive Neuro-Fuzzy System (ANFIS) to categorize probe, U2R, R2U, and DDOS attacks. The validation of the proposed method is calculated through Fine Gaussian SVM (FGSVM), which is 99.3% for the binary class. Mean Square Error (MSE) is reported as 0.084964 for training data, 0.0855203 for testing, and 0.084964 to validate multiclass categorization.     

利用SNMP代理实现基于状态机的入侵检测

在分析现有入侵检测方法及其缺陷的基础上，提出了一种基于状态机的入侵检测的SNMP代理方案。该方案利用基于有限状态自动机的协议轨迹规范语言PISL描述入侵和攻击特征，利用Script MIB实现代理的配置，利用扩展的RMON2 MIB存储入侵检测的统计信息。最后通过试验表明，这个方案规范了攻击特征的精确描述，有效的减少了误报，实现了入侵检测系统和网络管理系统的有机结合。     

Multi-VMs Intrusion Detection for Cloud Security Using Dempster-shafer Theory

Cloud computing provides easy and on-demand access to computing resources in a configurable pool. The flexibility of the cloud environment attracts more and more network services to be deployed on the cloud using groups of virtual machines (VMs), instead of being restricted on a single physical server. When more and more network services are deployed on the cloud, the detection of the intrusion likes Distributed Denial-of-Service (DDoS) attack becomes much more challenging than that on the traditional servers because even a single network service now is possibly provided by groups of VMs across the cloud system. In this paper, we propose a cloud-based intrusion detection system (IDS) which inspects the features of data flow between neighboring VMs, analyzes the probability of being attacked on each pair of VMs and then regards it as independent evidence using Dempster-Shafer theory, and eventually combines the evidence among all pairs of VMs using the method of evidence fusion. Unlike the traditional IDS that focus on analyzing the entire network service externally, our proposed algorithm makes full use of the internal interactions between VMs, and the experiment proved that it can provide more accurate results than the traditional algorithm.     

Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network

Currently, the Internet of Things (IoT) is revolutionizing communication technology by facilitating the sharing of information between different physical devices connected to a network. To improve control, customization, flexibility, and reduce network maintenance costs, a new Software-Defined Network (SDN) technology must be used in this infrastructure. Despite the various advantages of combining SDN and IoT, this environment is more vulnerable to various attacks due to the centralization of control. Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service (DDoS) attacks, but they often lack mechanisms to mitigate their severity. This paper proposes a Multi-Attack Intrusion Detection System (MAIDS) for Software-Defined IoT Networks (SDN-IoT). The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms. First, a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets: the Network Security Laboratory Knowledge Discovery in Databases (NSL-KDD) and the Canadian Institute for Cybersecurity Intrusion Detection Systems (CICIDS2017), to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems. The algorithms evaluated include Extreme Gradient Boosting (XGBoost), K-Nearest Neighbor (KNN), Random Forest (RF), Support Vector Machine (SVM), and Logistic Regression (LR). Second, an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems (IDS) was developed to enable effective comparison between the datasets used in the development of the security scheme. The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system, with average accuracies of 99.88% and 99.89%, respectively. Furthermore, the proposed security scheme reduced the false alarm rate by 33.23%, which is a significant improvement over prevalent schemes. Finally, tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset, making it the best for IDS compared to the NSL-KDD dataset.     

Optimal Deep Reinforcement Learning for Intrusion Detection in UAVs

In recent years, progressive developments have been observed in recent technologies and the production cost has been continuously decreasing. In such scenario, Internet of Things (IoT) network which is comprised of a set of Unmanned Aerial Vehicles (UAV), has received more attention from civilian to military applications. But network security poses a serious challenge to UAV networks whereas the intrusion detection system (IDS) is found to be an effective process to secure the UAV networks. Classical IDSs are not adequate to handle the latest computer networks that possess maximum bandwidth and data traffic. In order to improve the detection performance and reduce the false alarms generated by IDS, several researchers have employed Machine Learning (ML) and Deep Learning (DL) algorithms to address the intrusion detection problem. In this view, the current research article presents a deep reinforcement learning technique, optimized by Black Widow Optimization (DRL-BWO) algorithm, for UAV networks. In addition, DRL involves an improved reinforcement learning-based Deep Belief Network (DBN) for intrusion detection. For parameter optimization of DRL technique, BWO algorithm is applied. It helps in improving the intrusion detection performance of UAV networks. An extensive set of experimental analysis was performed to highlight the supremacy of the proposed model. From the simulation values, it is evident that the proposed method is appropriate as it attained high precision, recall, F-measure, and accuracy values such as 0.985, 0.993, 0.988, and 0.989 respectively.     

An Intrusion Detection Algorithm Based on Feature Graph

With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various of online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Supprot Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time.     

Blockchain Assisted Intrusion Detection System Using Differential Flower Pollination Model

Cyberattacks are developing gradually sophisticated, requiring effective intrusion detection systems (IDSs) for monitoring computer resources and creating reports on anomalous or suspicious actions. With the popularity of Internet of Things (IoT) technology, the security of IoT networks is developing a vital problem. Because of the huge number and varied kinds of IoT devices, it can be challenging task for protecting the IoT framework utilizing a typical IDS. The typical IDSs have their restrictions once executed to IoT networks because of resource constraints and complexity. Therefore, this paper presents a new Blockchain Assisted Intrusion Detection System using Differential Flower Pollination with Deep Learning (BAIDS-DFPDL) model in IoT Environment. The presented BAIDS-DFPDL model mainly focuses on the identification and classification of intrusions in the IoT environment. To accomplish this, the presented BAIDS-DFPDL model follows blockchain (BC) technology for effective and secure data transmission among the agents. Besides, the presented BAIDS-DFPDL model designs Differential Flower Pollination based feature selection (DFPFS) technique to elect features. Finally, sailfish optimization (SFO) with Restricted Boltzmann Machine (RBM) model is applied for effectual recognition of intrusions. The simulation results on benchmark dataset exhibit the enhanced performance of the BAIDS-DFPDL model over other models on the recognition of intrusions.