共查询到19条相似文献,搜索用时 180 毫秒
1.
利用SNMP代理实现基于状态机的入侵检测 总被引:1,自引:0,他引:1
在分析现有入侵检测方法及其缺陷的基础上,提出了一种基于状态机的入侵检测的SNMP代理方案。该方案利用基于有限状态自动机的协议轨迹规范语言PISL描述入侵和攻击特征,利用Script MIB实现代理的配置,利用扩展的RMON2 MIB存储入侵检测的统计信息。最后通过试验表明,这个方案规范了攻击特征的精确描述,有效的减少了误报,实现了入侵检测系统和网络管理系统的有机结合。 相似文献
2.
计算机网络技术的迅速发展使得图书馆网络、用户认证系统、网络管理系统、Internet接入系统等成为一个整体,真正实现了图书馆资源的数字化,方便读者用户随时随地访问图书资源。综合型的网络是数字化图书馆网络发展的必然,但随着其应用的深入,图书馆网络的安全问题不断暴露出来,直接影响着网络的正常运行、技术人员的维护工作和读者用户的即时资源访问。因此,怎样保障网络安全并使之能够正常运行成为一个无法避免的问题。本文以构建图书馆网络安全体系为出发点,提出一种全新的入侵检测策略,用于图书馆网络的入侵检测。入侵检测(Intrusion Detection,ID)是一种主动的网络安全防护措施,是网络安全防护体系的重要组成部分,它从系统内部和各种网络资源中主动采集信息,从中分析可能的网络入侵或攻击。本文中提出的入侵检测策略基于无线局域网的数据链路层,采用协议分析技术和伪装设备辨识技术,通过对传输在数据链路层信息关键字段的检测与统计,实现接入设备的身份检测与行为统计。模拟实验结果显示,该策略能有效地检测网络恶意入侵,同时不会降低网络的性能。 相似文献
3.
入侵检测系统探讨 总被引:1,自引:0,他引:1
当今世界,互联网迅猛发展,人们在充分享受信息资源共享极大便利的同时,基于互联网的广域开放性,也使网络被攻击和破坏的风险大大增加,各种攻击事件与入侵手法层出不穷,由此催生市场对于网络安全产品的需求不断增加。使用防火墙、访问控制、加密技术等传统的安全技术和产品,在入侵技术快速发展的新形势下,逐步暴露出其局限性。入侵检测系统是继防火墙之后计算机网络安全系统保护的第二道安全闸门,主要收集计算机网络或计算机系统中若干关键点的信息并对其进行分析,从而发现网络或系统中是否存在违反安全策略的行为或被攻击的迹象,引入入侵检测系统,并对入侵检测的分类和存在的问题进行分析与研究,最后分析入侵检测发展方向。 相似文献
4.
介绍Windows平台下基于NDIS中间层技术实现入侵检测的方法。并在系统中引入协议分析技术,提出一种入侵检测模型。对该模型中的数据采集模块以及协议分析模块进行实现,并利用协议分析模块实现对几种常见的攻击的检测。 相似文献
5.
针对密码协议在实际运行中遭受攻击的问题,设计了自适应容忍入侵的密码协议安全运行防护系统.该防护系统主要由入侵检测模块和容忍入侵模块组成.入侵检测模块采用基于特征和异常的混合入侵检测模式,使用有限状态自动机(FSM)匹配密码协议执行中的各状态参数,实时检测密码协议的运行情况,并把检测结果发送给容忍入侵模块,触发容忍入侵模块根据预先设计好的自适应调整策略,对密码协议的运行进行调节,以达到容忍攻击的目的.采用模拟试验对系统模型进行了仿真测试,测试结果表明该模型能够在一定程度上成功检测对密码协议的攻击行为,并具有容忍某些特定类型攻击的能力. 相似文献
6.
7.
8.
入侵检测技术是通过对计算机网络和主机系统中的关键信息进行实时采集和分析,从而判断出非法用户入侵和合法用户滥用资源的行为,并做出适当反应的网络安全技术,是继数据加密、防火墙等措施之后的又一种安全措施,随着计算机网络技术的不断发展,需要分析的数据急剧膨胀,如何提高检测的效率成为当务之急,而数据挖掘正是解决此问题的一剂良药,首先介绍入侵检测和数据挖掘的相关概念,接着分析采用数据挖掘技术的入侵检测系统的优势和缺点,最后提出一些改进的方向。 相似文献
9.
罗腾 《中国新技术新产品》2010,(14):42-42
本文对入侵检测关键技术中的协议分析技术、协议规则特征的匹配等做了研究,把网络异常检测中的协议分析技术与传统的模式匹配技术相结合,通过高度规则的网络协议优势来减少系统的工作复杂度,利用模式匹配方式来确保检测的准确性和降低漏报率。 相似文献
10.
入侵检测技术作为计算机安全技术的一个重要组成部分,已经受到越来越广泛地关注。作为一种新的动态安全防御技术,它是继防火墙之后的第二道安全防线。主要研究当前入侵检测一直无法很好解决的两个问题,即复杂网络攻击的检测和网络在入侵攻击下的风险评估。 相似文献
11.
Mavra Mehmood Talha Javed Jamel Nebhen Sidra Abbas Rabia Abid Giridhar Reddy Bojja Muhammad Rizwan 《计算机、材料和连续体(英文)》2022,70(1):91-107
Due to the widespread use of the internet and smart devices, various attacks like intrusion, zero-day, Malware, and security breaches are a constant threat to any organization's network infrastructure. Thus, a Network Intrusion Detection System (NIDS) is required to detect attacks in network traffic. This paper proposes a new hybrid method for intrusion detection and attack categorization. The proposed approach comprises three steps to address high false and low false-negative rates for intrusion detection and attack categorization. In the first step, the dataset is preprocessed through the data transformation technique and min-max method. Secondly, the random forest recursive feature elimination method is applied to identify optimal features that positively impact the model's performance. Next, we use various Support Vector Machine (SVM) types to detect intrusion and the Adaptive Neuro-Fuzzy System (ANFIS) to categorize probe, U2R, R2U, and DDOS attacks. The validation of the proposed method is calculated through Fine Gaussian SVM (FGSVM), which is 99.3% for the binary class. Mean Square Error (MSE) is reported as 0.084964 for training data, 0.0855203 for testing, and 0.084964 to validate multiclass categorization. 相似文献
12.
入侵检测系统是一种被动的安全防御方法。它是通过分析各种收集到的数据来发现可能的入侵行为。常用的入侵检测分类方法不仅算法复杂而且效率还偏低。本文提出一种基于粒子群算法和时间序列相结合的半监督入侵检测方法来提高入侵检测的分类效率。实验结果表明,该方法用于入侵检测系统具有较高的检测率。 相似文献
13.
With the advancement of network communication technology, network traffic shows explosive growth. Consequently, network attacks occur frequently. Network intrusion detection systems are still the primary means of detecting attacks. However, two challenges continue to stymie the development of a viable network intrusion detection system: imbalanced training data and new undiscovered attacks. Therefore, this study proposes a unique deep learning-based intrusion detection method. We use two independent in-memory autoencoders trained on regular network traffic and attacks to capture the dynamic relationship between traffic features in the presence of unbalanced training data. Then the original data is fed into the triplet network by forming a triplet with the data reconstructed from the two encoders to train. Finally, the distance relationship between the triples determines whether the traffic is an attack. In addition, to improve the accuracy of detecting unknown attacks, this research proposes an improved triplet loss function that is used to pull the distances of the same class closer while pushing the distances belonging to different classes farther in the learned feature space. The proposed approach’s effectiveness, stability, and significance are evaluated against advanced models on the Android Adware and General Malware Dataset (AAGM17), Knowledge Discovery and Data Mining Cup 1999 (KDDCUP99), Canadian Institute for Cybersecurity Group’s Intrusion Detection Evaluation Dataset (CICIDS2017), UNSW-NB15, Network Security Lab-Knowledge Discovery and Data Mining (NSL-KDD) datasets. The achieved results confirmed the superiority of the proposed method for the task of network intrusion detection. 相似文献
14.
Yongro Park Seung Hyun Baek Seong‐Hee Kim Kwok‐Leung Tsui 《Quality and Reliability Engineering International》2014,30(2):257-273
Intrusion detection systems have a vital role in protecting computer networks and information systems. In this article, we applied a statistical process control (SPC)–monitoring concept to a certain type of traffic data to detect a network intrusion. We proposed an SPC‐based intrusion detection process and described it and the source and the preparation of data used in this article. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research. This article applies SPC charting methods for intrusion detection. In particular, it uses the basic security module host audit data from the MIT Lincoln Laboratory and applies the Shewhart chart, the cumulative sum chart, and the exponential weighted moving average chart to detect a denial of service intrusion attack. The case study shows that these SPC techniques are useful for detecting and monitoring intrusions. Copyright © 2013 John Wiley & Sons, Ltd. 相似文献
15.
NIDS (Network Intrusion Detection Systems) plays a vital role in security
threats to computers and networks. With the onset of gigabit networks, hardware-based
Intrusion Detection System gains popularity because of its high performance when
compared to the software-based NIDS. The software-based system limits parallel
execution, which in turn confines the performance of a modern network. This paper
presents a signature-based lookup technique using reconfigurable hardware. Content
Addressable Memory (CAM) is used as a lookup table architecture to improve the speed
instead of search algorithms. To minimize the power and to increase the speed, precomputation based CAM (PBCAM) can be used, as this technique avoids repeated search
comparisons. PBCAM employs the two-stage comparison with a parameter memory in
the first stage and data memory in the second stage. Only the matched data in the
parameter memory are compared in the data memory. This reduces the number of
comparisons, thereby increasing the speed of the system. In this work dual-port RAMbased PBCAM (DP-PBCAM) is used to design a signature-based intrusion detection
system. A low power parameter extractor is used with a minimum number of gates for
precomputation. The hardware implementation is done using Xilinx Spartan 3E FPGA.
The proposed DP-PBCAM lookups support a gigabit-speed of 7.42 Gbps. 相似文献
16.
Muhammad Sajid Farooq Sagheer Abbas Atta-ur-Rahman Kiran Sultan Muhammad Adnan Khan Amir Mosavi 《计算机、材料和连续体(英文)》2023,74(2):2607-2623
The rapid growth in data generation and increased use of computer network devices has amplified the infrastructures of internet. The interconnectivity of networks has brought various complexities in maintaining network availability, consistency, and discretion. Machine learning based intrusion detection systems have become essential to monitor network traffic for malicious and illicit activities. An intrusion detection system controls the flow of network traffic with the help of computer systems. Various deep learning algorithms in intrusion detection systems have played a prominent role in identifying and analyzing intrusions in network traffic. For this purpose, when the network traffic encounters known or unknown intrusions in the network, a machine-learning framework is needed to identify and/or verify network intrusion. The Intrusion detection scheme empowered with a fused machine learning technique (IDS-FMLT) is proposed to detect intrusion in a heterogeneous network that consists of different source networks and to protect the network from malicious attacks. The proposed IDS-FMLT system model obtained 95.18% validation accuracy and a 4.82% miss rate in intrusion detection. 相似文献
17.
With the development of Information technology and the popularization of Internet, whenever and wherever possible, people can connect to the Internet optionally. Meanwhile, the security of network traffic is threatened by various of online malicious behaviors. The aim of an intrusion detection system (IDS) is to detect the network behaviors which are diverse and malicious. Since a conventional firewall cannot detect most of the malicious behaviors, such as malicious network traffic or computer abuse, some advanced learning methods are introduced and integrated with intrusion detection approaches in order to improve the performance of detection approaches. However, there are very few related studies focusing on both the effective detection for attacks and the representation for malicious behaviors with graph. In this paper, a novel intrusion detection approach IDBFG (Intrusion Detection Based on Feature Graph) is proposed which first filters normal connections with grid partitions, and then records the patterns of various attacks with a novel graph structure, and the behaviors in accordance with the patterns in graph are detected as intrusion behaviors. The experimental results on KDD-Cup 99 dataset show that IDBFG performs better than SVM (Supprot Vector Machines) and Decision Tree which are trained and tested in original feature space in terms of detection rates, false alarm rates and run time. 相似文献
18.
Complex Event Processing (CEP) is an emerging technology for processing and identifying patterns of interest from multiple streams of events in real/near real time. Sensor network-based security and surveillance is a topic of recent research where events generated from distributed sensors at an unpredictable rate need to be analysed for possible threats and respond in a timely manner. Traditional software architectures like client/server architecture where the interactions are pull-based (DBMS) do not target the efficient processing of streams of events in real time. CEP which is a push-based system can process streaming data to identify the intrusion patterns in near real time and respond to the threats. An Intrusion Detection System (IDS) based on single sensor may fail to give accurate identification of intrusion. Hence there is a need for multisensor based IDS. A multisensor-based IDS enables identification of the intrusion patterns semantically by correlating the events and context information provided by multiple sensors. JDL multisource data fusion model is a well-known research model first established by the Joint Directorate Laboratories. This paper proposes JDL fusion framework-based CEP for semantic intrusion detection. The events generated from heterogeneous sensors are collected, aggregated using logical and spatiotemporal relations to form complex events which model the intrusion patterns. The proposed system is implemented and the results show that the proposed system out performs the pull-based solutions in terms of detection accuracy and detection time. 相似文献
19.
Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works 相似文献