20 similar documents found; search took 46 ms.
1.
A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection (total citations: 1, self-citations: 0, citations by others: 1)
Extensive research activities have been observed on network-based intrusion detection systems (IDSs). However, there are always some attacks that penetrate traffic-profiling-based network IDSs. These attacks often cause very serious damage, such as modifying critical host files. A host-based anomaly IDS is an effective complement to the network IDS in addressing this issue. This article proposes a simple data preprocessing approach to speed up hidden Markov model (HMM) training for system-call-based anomaly intrusion detection. Experiments based on a public database demonstrate that this data preprocessing approach can reduce training time by up to 50 percent with unnoticeable degradation of intrusion detection performance, compared to a conventional batch HMM training scheme. More than 58 percent data reduction has been observed compared to our prior incremental HMM training scheme. Although this maximum gain incurs more degradation of false alarm rate performance, the resulting performance is still reasonable.
2.
《IEEE transactions on systems, man and cybernetics. Part C, Applications and reviews》2008,38(5):649-659
3.
Silvio E. Quincozes, Carlos Raniery, Raul Ceretta Nunes, Célio Albuquerque, Diego Passos, Daniel Mossé 《International Journal of Network Management》2021,31(3):e2111
Intrusion detection systems (IDSs) are a fundamental component of defense solutions. In particular, IDSs aim to detect malicious activities on computer systems and networks by relying on data classification models built from a training dataset. However, classifier performance can vary for each attack pattern. A common technique to overcome this issue is to use ensemble methods, where multiple classifiers are employed and a final decision is taken by combining their outputs. Despite the potential advantages of such an approach, its usefulness is limited in scenarios where (i) multiple expert classifiers present divergent results, (ii) all classifiers present poor results due to a lack of representative features, or (iii) detectors have insufficient labeled signatures to train their classifiers for a specific attack pattern. In this work, we introduce the concept of a counselors network to deal with conflicts between different classifiers by exploiting the collaboration among IDSs that analyze multiple and heterogeneous data sources. Empirical results demonstrate the feasibility of the proposed architecture in improving the accuracy of the intrusion detection process.
4.
Intrusion detection in wireless ad hoc networks (total citations: 3, self-citations: 0, citations by others: 3)
Intrusion detection has, over the last few years, assumed paramount importance within the broad realm of network security, more so in the case of wireless ad hoc networks. These are networks that do not have an underlying infrastructure; the network topology is constantly changing. The inherently vulnerable characteristics of wireless ad hoc networks make them susceptible to attacks, and it may be too late before any counter action can take effect. Second, with so much advancement in hacking, if attackers try hard enough they will eventually succeed in infiltrating the system. This makes it important to constantly (or at least periodically) monitor what is taking place on a system and look for suspicious behavior. Intrusion detection systems (IDSs) do just that: monitor audit data, look for intrusions into the system, and initiate a proper response (e.g., email the systems administrator, start an automatic retaliation). As such, there is a need to complement traditional security mechanisms with efficient intrusion detection and response. In this article we present a survey of the work that has been done in the area of intrusion detection in mobile ad hoc networks.
5.
A new method for user behavior anomaly detection based on hidden Markov models (total citations: 2, self-citations: 0, citations by others: 2)
This paper proposes a user behavior anomaly detection method based on hidden Markov models, intended mainly for host-based intrusion detection systems that use shell commands as audit data. Compared with the detection method proposed by Lane T, the proposed method improves the representation of user behavior patterns and behavior profiles, adopts a computationally cheaper sequence matching method for HMM training, and makes its decision about the monitored user's behavior based on the occurrence probability of the state sequence. Experiments show that this method has high detection accuracy and strong operability.
6.
TIAN Xin-guang, GAO Li-zhi, SUN Chun-lai, DUAN Mi-yi, ZHANG Er-yang. School of Electronic Science and Engineering, National University of Defense Technology, Changsha, P.R. China; Department of Electronic Engineering, Tsinghua University, Beijing, P.R. China; Research Institute of Beijing Capitel Group Corporation, Beijing, P.R. China; Institute of Computing Technology, Beijing Jiaotong University, Beijing, P.R. China 《The Journal of China Universities of Posts and Telecommunications (English edition)》2006,13(2):61-78
1 Introduction. Intrusion detection techniques can be categorized into misuse detection and anomaly detection. Misuse detection systems model attacks as specific patterns, and use the patterns of known attacks to identify a matched activity as an attack instance. Anomaly detection systems u…
7.
8.
Intrusion detection systems (IDS) are systems aimed at analyzing and detecting security problems. IDSs may be structured into misuse and anomaly detection. The former are often signature/rule-based IDSs that detect malicious software by inspecting the content of packets or files, looking for a "signature" that labels malware. They are often very efficient, but their drawback lies in the weakness of the information being checked (e.g., the signature), which may quickly become dated, and in the computation time, because each packet or file needs to be inspected. IDSs based on anomaly detection, and in particular on statistical analysis, originated to bypass these problems. Instead of inspecting packets, each traffic flow is observed to obtain a statistical characterization, which represents the fingerprint of the flow. This paper introduces a statistical-analysis-based intrusion detection system which, after extracting the statistical fingerprint, uses machine learning classifiers to decide whether a flow is affected by malware or not. A large set of tests is presented. The obtained results allow the best classifiers to be selected and show the performance of a decision maker that exploits the decisions of a bank of classifiers acting in parallel.
9.
10.
11.
As one of the backup measures of intrusion prevention techniques, intrusion detection plays a paramount role in the second line of defense of computer networks. Intrusion detection in wireless mesh networks (WMNs) is especially challenging and requires particular design concerns due to their special infrastructure and communication mode. In this paper, we propose a novel anomaly detection system, termed RADAR, to detect and handle anomalous mesh nodes in wireless mesh networks. Specifically, reputation is introduced to characterize and quantify a node's behavior in terms of fine-grained performance metrics of interest. The dual-core detection engine of RADAR then explores the spatio-temporal properties of such behavior to expose the deviation between the behavior of normal and anomalous nodes. Although the current RADAR prototype is only implemented for routing protocols, the design architecture allows it to be easily extended to cross-layer anomaly detection, where anomalous events occur at different layers and can result from either intentional intrusion or accidental network failure. The simulation results demonstrate that RADAR can achieve high detection accuracy, low computational complexity, and a low false positive rate.
12.
Ajay Kumar, K. Abhishek, M.R. Ghalib, A. Shankar, X. Cheng 《Digital Communications & Networks》2022,8(4):540-551
Internet of Things (IoT) security is the act of securing IoT devices and networks. IoT devices, including industrial machines, smart energy grids, and building automation, are extremely vulnerable. With the goal of shielding network systems from illegal access in cloud servers and IoT systems, Intrusion Detection Systems (IDSs) and Network-based Intrusion Prevention Systems (NBIPSs) are proposed in this study. An intrusion prevention system is proposed to realize an NBIPS that safeguards the engineering top to bottom. The proposed NBIPS inspects network activity streams to identify and counteract misuse instances. The NBIPS is usually located directly behind a firewall, and it provides a complementary layer of inspection that selects unsafe content for blocking. Network-based IPS sensors can be installed in either an inline or a passive mode. An inline sensor is installed to monitor the traffic passing through it. The sensors are installed to stop attacks by blocking the traffic using an IoT signature-based protocol.
13.
This paper discusses the shortcomings of misuse-based and anomaly-based intrusion detection techniques and proposes an intrusion detection system model that combines misuse detection and anomaly detection. The system uses rule matching to detect known intrusions and an immune algorithm to detect unknown intrusions and update the rule database, achieving high detection efficiency.
14.
The component-based network intrusion detection system proposed in this paper has good distribution and scalability. It organically combines network-based and host-based intrusion detection systems and provides integrated detection, reporting, and response functions.
15.
《Digital Communications & Networks》2022,8(6):1068-1076
Intrusion is any unwanted activity that can disrupt the normal functions of wired or wireless networks. Wireless mesh networking technology has been pivotal in providing an affordable means to deploy a network and allow omnipresent access to users on the Internet. A multitude of emerging public services rely on the widespread, high-speed, and inexpensive connectivity provided by such networks. The absence of a centralized network infrastructure and the open shared medium make WMNs particularly susceptible to malevolent attacks, especially in multihop networks. Hence, it is becoming increasingly important to ensure privacy, security, and resilience when designing such networks. An effective method to detect possible internal and external attack vectors is to use an intrusion detection system. Although many Intrusion Detection Systems (IDSs) have been proposed for Wireless Mesh Networks (WMNs), they can only detect intrusions in a particular layer. Because WMNs are vulnerable to multilayer security attacks, a cross-layer IDS is required to detect and respond to such attacks. In this study, we analyzed cross-layer IDS options in WMN environments. The main objective was to understand how such schemes detect security attacks at several OSI layers. The suggested IDS is verified in many scenarios, and the experimental results show its efficiency.
16.
17.
Anomaly detection is currently the main research direction of intrusion detection systems (IDS). This paper proposes a user behavior anomaly detection method based on shell commands and Markov chain models. The method uses a first-order homogeneous Markov chain to model the normal behavior of legitimate users in a networked system, associates the states of the Markov chain with the shell commands executed by the user, and introduces an additional state. A computationally cheaper command matching method is used to compute the Markov chain parameters. In the detection phase, the degree of anomaly of the monitored user's current behavior is analyzed based on the occurrence probability of the state sequence, and two alternative decision schemes are provided. The proposed method has been applied in a practical intrusion detection system and has shown good detection performance.
18.
19.
Intrusion-detection systems aim at detecting attacks against computer systems and networks, or in general against information systems. Indeed, it is difficult to provide provably secure information systems and to maintain them in such a secure state during their lifetime and utilization. Sometimes, legacy or operational constraints do not even allow the definition of a fully secure information system. Therefore, intrusion-detection systems have the task of monitoring the usage of such systems to detect the appearance of insecure states. They detect attempts and active misuse, either by legitimate users of the information systems or by external parties, to abuse their privileges or exploit security vulnerabilities. In a previous paper [Computer networks 31, 805–822 (1999)], we introduced a taxonomy of intrusion-detection systems that highlights the various aspects of this area. This paper extends the taxonomy beyond real-time intrusion detection to include additional aspects of security monitoring, such as vulnerability assessment.