模糊逻辑理论在入侵检测系统中的应用研究

通过基于模糊逻辑的数据挖掘方法实现特征选择,使用模糊逻辑推理进行数据分析,以及支持响应回卷的模糊默认逻辑推理处理预警响应,使得入侵检测系统在特征选择和预警响应方面得到改善。实验结果显示,该检测方法能够有效检测入侵攻击,具有较低的误报率和漏报率。     

一种自适应的多级入侵检测模型

网络入侵检测是互联网安全领域研究的热点问题。传统的基于异常的入侵检测方法采用单一的检测模型对各类数据进行检测,导致漏报率高。且缺乏模型的动态更新机制,导致模型自适应羞。针对上述问题,提出了一种具有自适应性的多级入侵检测模型ACIDM（Adaptive Cascaded Intrusion Detection Model）。ACIDM层级部署多个检测模型,各级模型之间通过检测反馈对模型进行动态更新和协同训练。实验证明,与单一检测模型相比、ACIDM检测器的多样性、层级性和自适应性,使得ACIDM在保证检测精度的同时能明显降低对入侵的漏报率,且这种优势在小样本情况下尤为显著。     

基于聚类和支持向量机的入侵检测研究

提出了一种基于聚类和支持向量机的入侵检测算法,该算法可以有效地减小计算复杂性,提高检测性能。算法首先使用K-MEANS聚类算法对数据做一个初步的划分得到多个类;然后考察每个类中数据的标识,只有当类中的数据标识不止一个时才进行支持向量的查找。最后使用KDD CUP 1999进行了计算机仿真实验,实验结果说明了该算法的有效性。     

CURE算法在入侵检测系统中的应用研究

入侵检测系统是计算机网络安全的重要组成部分。该文提出了一种基于CURE算法的异常检测方法,并以KDD99的数据集为基础做了相应的实验。实验结果证明,这种方法具有较高的检测性能。     

基于SMOTE和GBDT的网络入侵检测方法研究

现有基于机器学习的入侵检测方法大多专注于提高整体检测率和降低整体的漏报率,忽视了少数类别的检测率和漏报率。为此,提出了一种基于SMOTE (Synthetic Minority Oversampling Technique )和GBDT(Gradient Boosting Decision Tree)的入侵检测方法。其核心思想是首先在预处理阶段使用SMOTE技术提高少数类别的样本数量,且对多数类别样本降采样,最后在平衡数据集上训练GBDT分类器。利用KDD99数据集进行实验验证,并与在原始训练集上训练的分类器、KDD99竞赛的最好成绩对比,结果表明,该方法在保持较高的整体正确率的同时较大程度上降低了少数类的漏报率。     

基于数据挖掘的入侵检测技术研究

本文介绍了数据挖掘技术在入侵检测领域的应用,介绍了数据挖掘的常用算法,并在此基础上给出了一个基于数据挖掘的入侵检测模型。     

基于KPCA入侵检测特征提取技术研究

详细介绍了基于KPCA入侵检测系统特征提取的工作原理，并在MATLAB环境下利用KDDCUP99数据集进行了基于KPCA特征提取的仿真实验，结果表明KPCA能对样本能进行很好的降维，并可保持较高的检测率，适用于入侵检测的数据源较复杂和其中存在一些非线性特征的网络入侵检测系统。     

基于数据挖掘的入侵检测技术研究

当今社会信息安全问题引起了人们的广泛关注。本文介绍了入侵检测的重要性以及传统入侵检测的类型和局限性，指出利用数据挖掘技术可以克服这些局限性。本文给出了数据挖掘技术的定义、入侵检测模型数据挖掘过程、基于数据挖掘的入侵检测框架．最后指出了需要继续研究的几个热点问题。     

基于数据挖掘的入侵检测技术研究

本文介绍了数据挖掘技术在入侵检测领域的应用,介绍了数据挖掘的常用算法,并在此基础上给出了一个基于数据挖掘的入侵检测模型.     

基于数据筛选策略的入侵检测研究

网络入侵检测系统存在着检测网络未知攻击困难、漏报率高、自身性能难以适应大规模网络数据的处理等缺点.在入侵检测过程中引入了一种大规模数据筛选算法,并对其进行改进,有效地进行了数据的约简,约简后的小样本数据应用于基于支持向量机的网络入侵检测系统中,使其能够在较短时间内处理大规模网络数据.实验结果表明,该改进算法能有效地筛选出边界向量,在很少降低检测精度的情况下有效地减少了检测模型的建立时间,从而提高了检测速度.     

一种入侵检测的分类方法研究

针对传统的入侵检测算法精度低,结果稳定性差的问题,提出了一种基于构造性核函数覆盖聚类和最大化最小概率机器回归方法的入侵检测算法。首先,利用核函数覆盖将原空间的待分类样本映射到一个高维的特征空间中,使得样本变得线性可分;然后通过控制错分率实现分类的最大化,并利用最大最小概率机的高维映射泛化特性,实现了不同核函数下的数据多维分类问题。实验结果证明,该算法具有分类准确率高、稳定性好的特点。     

灰色理论在入侵检测技术中的应用研究

灰色理论作为网络技术的重要应用,近年来得到广泛研究.建立了一种基于GM(1,1)模型的入侵检测数据拟合补缺预处理模型,以及一种基于灰关联的监测指标简约算法.它们具有要求样本量少,复杂性较低,程序实现较为容易,对更新快的样本数据有很强针对性等特点,并进行了实证分析.结果显示,它们可以明显减少系统资源占用量,提高监测的实时性和准确性,降低检测的误检率和漏检率.     

入侵检测技术研究综述

近年来,入侵检测已成为网络安全领域的热点课题。异常检测和误用检测是入侵检测的主要分析方法,前者包括统计分析、模式预测、神经网络、遗传算法、序列匹配与学习、免疫系统、基于规范、数据挖掘、完整性检查和贝叶斯技术,后者包括专家系统、基于模型、状态转换分析、Petri网络、协议分析和决策树,其它还有报警关联分析、可视化和诱骗等分析技术。入侵检测系统的体系结构分为集中式结构和分布式结构,高性能检测技术、分布式构架、系统评估、标准化和安全技术融合是其今后重要的发展方向。     

A differentiated one-class classification method with applications to intrusion detection

Intrusion detection has become an indispensable tool to keep information systems safe and reliable. Most existing anomaly intrusion detection techniques treat all types of attacks as equally important without any differentiation of the risk they pose to the information system. Although detection of all intrusions is important, certain types of attacks are more harmful than others and their detection is critical to protection of the system. This paper proposes a new one-class classification method with differentiated anomalies to enhance intrusion detection performance for harmful attacks. We also propose new extracted features for host-based intrusion detection based on three viewpoints of system activity such as dimension, structure, and contents. Experiments with simulated dataset and the DARPA 1998 BSM dataset show that our differentiated intrusion detection method performs better than existing techniques in detecting specific type of attacks. The proposed method would benefit even other applications in anomaly detection area beyond intrusion detection.     

入侵检测技术研究

入侵检测系统通过监视运行系统的状态与活动,检测出非授权和恶意的网络访问行为,及时产生入侵告警,为入侵对抗提供有效的支持,文中从网络安全和网络入侵入手,分析了现有入侵检测系统（IDS）实现策略和公共入侵检测框架（CIDF）理论。     

入侵检测技术的挑战与发展

入侵检测系统(IDS,Intrusion Detection System)作为一种主动检测系统,已逐渐成为重要的安全工具。在介绍了入侵检测系统的分类和原理的基础上,讨论了目前IDS面临的主要挑战,最后就IDS技术的发展方向做了较为详尽的探讨。     

A comparative evaluation of intrusion detection architectures for mobile ad hoc networks

Mobile Ad Hoc Networks (MANETs) are susceptible to a variety of attacks that threaten their operation and the provided services. Intrusion Detection Systems (IDSs) may act as defensive mechanisms, since they monitor network activities in order to detect malicious actions performed by intruders, and then initiate the appropriate countermeasures. IDS for MANETs have attracted much attention recently and thus, there are many publications that propose new IDS solutions or improvements to the existing. This paper evaluates and compares the most prominent IDS architectures for MANETs. IDS architectures are defined as the operational structures of IDSs. For each IDS, the architecture and the related functionality are briefly presented and analyzed focusing on both the operational strengths and weaknesses. Moreover, methods/techniques that have been proposed to improve the performance and the provided security services of those are evaluated and their shortcomings or weaknesses are presented. A comparison of the studied IDS architectures is carried out using a set of critical evaluation metrics, which derive from: (i) the deployment, architectural, and operational characteristics of MANETs; (ii) the special requirements of intrusion detection in MANETs; and (iii) the carried analysis that reveals the most important strengths and weaknesses of the existing IDS architectures. The evaluation metrics of IDSs are divided into two groups: the first one is related to performance and the second to security. Finally, based on the carried evaluation and comparison a set of design features and principles are presented, which have to be addressed and satisfied in future research of designing and implementing IDSs for MANETs.     

A comparative study of cloud classification techniques

The purpose of this study was to determine the importance of infrared vs. visual features, textural vs. spectral features, hierarchical vs. single-stage decision logic, and quadratic vs. linear discriminant functions for classification of NOAA-1 visible and infrared tropical cloud data. Both a four-class problem, in which cloud types were grouped into (1) “low”, (2) “mix”, (3) “cirrus”, and (4) “cumulonimbus” classes, and a three-class problem, in which the “mix” class was excluded, were analyzed. The addition of at least one visual spectral feature to infrared spectral features improved the ability of the classifier to recognize all cloud classes except “low”. Combining textural features with spectral features did not significantly improve classification results achieved using only spectral features. For the four-class problem, a classification accuracy of 91% was obtained by using a two-stage variation of a single-stage, maximum likelihood classifier. For the three-class problem, classification accuracies of 98% were obtained using either single-stage or hierarchical decision logic and either quadratic or linear discriminant functions.     

不平衡入侵检测数据的代价敏感分类策略*

提出一种新的预处理算法AdaP,不仅有效避免了数据过度拟合,且可独立使用。针对不平衡的入侵检测数据集,引入代价敏感机制,基于权值矩阵最小化误分类代价的思想,去除部分训练密集区域、拓展稀疏区域的同时再过滤噪声,最终实现了AdaP算法与AdaCost算法相结合的策略。实验证明此策略充分体现了提升算法有效提升前端弱分类算法分类精度和预处理算法平衡稀有类数据的优势,且可有效提高不平衡入侵检测数据的分类性能。