Found 20 similar documents; search took 31 ms
1.
2.
3.
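An Agent-Based Distributed, Attack-Resistant Intrusion Detection Architecture (total citations: 3, self-citations: 0, citations by others: 3)
This paper proposes an agent-based intrusion detection architecture. The architecture overcomes some of the shortcomings of current intrusion detection systems (IDS): it can detect and respond to intrusions in a distributed manner, and it performs multi-level detection covering a single host, a detection zone, and the entire network. By using mobile agents, the whole detection architecture can be configured flexibly and dynamically and extended easily. Given that IDSs are increasingly becoming attack targets themselves, the paper draws on existing research on protecting IDSs and gives corresponding methods, so that the architecture can effectively resist attacks and has stronger survivability.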
4.
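Research on Intrusion Detection Technology and System Design (total citations: 17, self-citations: 0, citations by others: 17)
Intrusion detection is a security technology that proactively protects network resources from hacker attacks. An intrusion detection system monitors the use of the protected system and discovers insecure states. It not only helps the system deal with external network attacks but can also detect illegitimate operations by legitimate internal users, extending the system administrator's security management capabilities. Intrusion detection provides real-time protection for the system and is regarded as the second security gate behind the firewall. The article describes the development status and key techniques of intrusion detection, classifies existing systems, and points out some challenges facing the technology. Finally, it proposes an intrusion detection model based on data mining with self-learning and self-improving capabilities, which can discover known and unknown misuse intrusions and anomaly intrusions.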
5.
A Survey of Research on the Development of Intrusion Detection Systems (total citations: 14, self-citations: 0, citations by others: 14)
With the fast development of Internet, more and more computer security affairs appear. Researchers have developed many security mechanisms to improve computer security, including intrusion detection (ID). This paper reviews the history of intrusion detection systems (IDS) and mainstream techniques used in IDS, showing that IDS could improve security only provided that it is devised based on the architecture of the target system. From this, we could see the trend of integration of host-oriented, network-oriented and application-oriented IDSs.
6.
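In recent years, network attacks have become increasingly common and increasingly difficult to defend against, and traditional technologies such as firewalls can hardly meet current network security needs. A new network security technology, network intrusion detection, has been proposed; it can make up well for the shortcomings of other technologies, but current intrusion detection techniques still have problems with detection accuracy and reliability. This paper first introduces the characteristics of intrusion detection, then gives a detailed introduction to neural networks, and finally designs a neural-network-based intrusion detection system.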
7.
A computer system intrusion is seen as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.[1] The introduction of networks and the Internet caused great concern about the protection of sensitive information and has resulted in many computer security research efforts during the past few years. Although preventative techniques such as access control and authentication attempt to prevent intruders, these can fail, and as a second line of defence, intrusion detection has been introduced. Intrusion detection systems (IDS) are implemented to detect an intrusion as it occurs, and to execute countermeasures when detected. Usually, a security administrator has difficulty in selecting an IDS approach for his unique set-up. In this Report, different approaches to intrusion detection systems are compared, to supply a norm for the best-fit system. The results would assist in the selection of a single appropriate intrusion detection system or combine approaches that best fit any unique computer system.
8.
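In network security, the intrusion prevention system (IPS) is a defensive network security technology that emerged to make up for the shortcomings of network firewalls and intrusion detection systems (IDS). Different intrusion prevention systems are implemented in different ways, but what they have in common is that they perform defensive inspection before a threat enters the local area network. The article discusses the security risks currently present in campus LANs, the concept and classification of IPS, how to deploy IPS on campus, and the advantages of IPS.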
9.
Jouni Viinikka, Hervé Debar, Ludovic Mé, Anssi Lehikoinen, Mika Tarvainen. Information Fusion, 2009, 10(4): 312-324
The main use of intrusion detection systems (IDS) is to detect attacks against information systems and networks. Normal use of the network and its functioning can also be monitored with an IDS. It can be used to control, for example, the use of management and signaling protocols, or the network traffic related to some less critical aspects of system policies. These complementary usages can generate large numbers of alerts, but still, in operational environment, the collection of such data may be mandated by the security policy. Processing this type of alerts presents a different problem than correlating alerts directly related to attacks or filtering incorrectly issued alerts. We aggregate individual alerts to alert flows, and then process the flows instead of individual alerts for two reasons. First, this is necessary to cope with the large quantity of alerts – a common problem among all alert correlation approaches. Second, individual alert’s relevancy is often indeterminable, but irrelevant alerts and interesting phenomena can be identified at the flow level. This is the particularity of the alerts created by the complementary uses of IDSes. Flows consisting of alerts related to normal system behavior can contain strong regularities. We propose to model these regularities using non-stationary autoregressive models. Once modeled, the regularities can be filtered out to relieve the security operator from manual analysis of true, but low impact alerts. We present experimental results using these models to process voluminous alert flows from an operational network.
10.
An intrusion detection system (IDS) becomes an important tool for ensuring security in the network. In recent times, machine learning (ML) and deep learning (DL) models can be applied for the identification of intrusions over the network effectively. To resolve the security issues, this paper presents a new Binary Butterfly Optimization algorithm based on Feature Selection with DRL technique, called BBOFS-DRL for intrusion detection. The proposed BBOFS-DRL model mainly accomplishes the recognition of intrusions in the network. To attain this, the BBOFS-DRL model initially designs the BBOFS algorithm based on the traditional butterfly optimization algorithm (BOA) to elect feature subsets. Besides, DRL model is employed for the proper identification and classification of intrusions that exist in the network. Furthermore, beetle antenna search (BAS) technique is applied to tune the DRL parameters for enhanced intrusion detection efficiency. For ensuring the superior intrusion detection outcomes of the BBOFS-DRL model, a wide-ranging experimental analysis is performed against benchmark dataset. The simulation results reported the supremacy of the BBOFS-DRL model over its recent state of art approaches.
11.
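Research on an Intrusion Prevention System Based on Agent Technology (total citations: 3, self-citations: 0, citations by others: 3)
Intrusion prevention systems are an important recent research direction in network security technology. To address the drawback that current intrusion detection systems work passively, the article introduces active defense ideas such as distributed processing, autonomous agents, and trap technology, proposes a distributed active intrusion prevention system based on intelligent agents, and gives the system's detailed design structure, test platform, and data analysis. The experimental results show that the system is real-time, scalable, and proactive, can effectively discover and block many kinds of intrusion, and can solve problems that have long existed in traditional intrusion detection systems.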
12.
13.
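Application of a Multi-Agent Distributed Intrusion Detection System in a Campus Network (total citations: 2, self-citations: 0, citations by others: 2)
In recent years, intrusion detection systems (IDS), as an important component of information system security, have received widespread attention. It is clear that relying on firewall technology alone to build a network's security architecture is far from enough, since many attacks can bypass the firewall. Intrusion detection technology can intercept and respond to intrusions before the network system is damaged. An agent-based distributed intrusion detection system combines host-based and network-based detection, providing better security protection for the network system. To address the shortcomings of firewall technology, and after analyzing and studying intrusion detection technology and its common architecture, the paper designs an agent-based distributed intrusion detection system and presents its implementation in a campus network.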
14.
Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly detection based. Misuse-detection based IDSs can only detect known attacks whereas anomaly detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) which are anomaly-based IDSs with the misuse-based IDS Snort which is an open-source project. The hybrid IDS obtained is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. Evaluation compares the number of attacks detected by misuse-based IDS on its own, with the hybrid IDS obtained combining anomaly-based and misuse-based IDSs and shows that the hybrid IDS is a more powerful system.
15.
Carol Fung, Jie Zhang, Issam Aib, Raouf Boutaba. Journal of Network and Systems Management, 2011, 19(2): 257-277
The accuracy of detecting an intrusion within a network of intrusion detection systems (IDSes) depends on the efficiency of collaboration between member IDSes. The security itself within this network is an additional concern that needs to be addressed. In this paper, we present a trust-based framework for secure and effective collaboration within an intrusion detection network (IDN). In particular, we design a trust model that allows each IDS to evaluate the trustworthiness of other IDSes based on its personal experience. We also propose an admission control algorithm for the IDS to manage the acquaintances it approaches for advice about intrusions. We discuss the effectiveness of our approach in protecting the IDN against common attacks. Additionally, experimental results demonstrate that our system yields significant improvement in detecting intrusions. The trust model further improves the robustness of the collaborative system against malicious attacks. The experimental results also support that our admission control algorithm is effective and fair, and creates incentives for collaboration.
16.
17.
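With the rapid development of computer networks, ensuring network security and guarding against network intrusion has become an urgent problem. Network intrusion prevention technologies that followed the firewall, such as IDS, IPS, and IMS, have begun to be deployed and applied in networks. By comparing how these technologies guard against intrusion, this paper describes how to apply them, in line with the requirements of the network security policy, to build a three-dimensional, multi-layered network security protection system.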
18.
The internet has become a part of every human life. Also, various devices that are connected through the internet are increasing. Nowadays, the Industrial Internet of things (IIoT) is an evolutionary technology interconnecting various industries in digital platforms to facilitate their development. Moreover, IIoT is being used in various industrial fields such as logistics, manufacturing, metals and mining, gas and oil, transportation, aviation, and energy utilities. It is mandatory that various industrial fields require highly reliable security and preventive measures against cyber-attacks. Intrusion detection is defined as the detection in the network of security threats targeting privacy information and sensitive data. Intrusion Detection Systems (IDS) have taken an important role in providing security in the field of computer networks. Prevention of intrusion is completely based on the detection functions of the IDS. When an IIoT network expands, it generates a huge volume of data that needs an IDS to detect intrusions and prevent network attacks. Many research works have been done for preventing network attacks. Every day, the challenges and risks associated with intrusion prevention are increasing while their solutions are not properly defined. In this regard, this paper proposes a training process and a wrapper-based feature selection With Direct Linear Discriminant Analysis LDA (WDLDA). The implemented WDLDA results in a rate of detection accuracy (DRA) of 97% and a false positive rate (FPR) of 11% using the Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) dataset.
19.
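Attacks on Network Intrusion Detection Systems and Their Defenses (total citations: 3, self-citations: 0, citations by others: 3)
The Internet is used ever more widely, and the accompanying issue of network security has become a focus of attention. As an effective means of dealing with attacks, intrusion detection systems have been adopted by more and more organizations. However, once attackers discover that an intrusion detection system (IDS) is deployed in the target network, the IDS often becomes their preferred target. This paper analyzes in detail several types of attack against network IDSs, namely overload attacks, crash attacks, and spoofing attacks, and how to defend against them, which offers a useful reference for IDS design.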
20.
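Research and Progress in Intrusion Detection Technology (total citations: 8, self-citations: 0, citations by others: 8)
As an emerging security technology, the intrusion detection system (IDS) is an important component of network security systems. This paper describes the basic principles and functional modules of intrusion detection systems, describes their classification from three aspects (data source, detection method, and detection timing), and introduces and analyzes the current state of research on intrusion detection technology in China and abroad. With the rapid development of computer and network technology, mass storage and high-bandwidth transmission make centralized intrusion detection increasingly unable to meet system requirements. It therefore points out that distributed intrusion detection (DID) will gradually become a research focus in intrusion detection and in the whole field of network security, providing a technical and theoretical basis for research on intrusion detection technology.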