Small-time scale network traffic prediction based on flexible neural tree

In this paper, the flexible neural tree (FNT) model is employed to predict the small-time scale traffic measurements data. Based on the pre-defined instruction/operator sets, the FNT model can be created and evolved. This framework allows input variables selection, over-layer connections and different activation functions for the various nodes involved. The FNT structure is developed using the Genetic Programming (GP) and the parameters are optimized by the Particle Swarm Optimization algorithm (PSO). The experimental results indicate that the proposed method is efficient for forecasting small-time scale traffic measurements and can reproduce the statistical features of real traffic measurements. We also compare the performance of the FNT model with the feed-forward neural network optimized by PSO for the same problem.     

Database intrusion detection using sequence alignment

Information is considered to be the most valuable asset of any organization and hence, it should be securely maintained. However, rapid proliferation of the Internet and Web applications has increased the threat of information security breaches. Traditional database security mechanisms are often not sufficient to protect sensitive information against novel attacks. Intrusion detection systems (IDS) are used to detect any such intrusion, once traditional security mechanisms have been compromised. User-level profile is effective for database intrusion detection, but maintaining such profiles is not practical for an organization with a large number of users. Thus, an IDS needs to be flexible enough to choose a profile granularity according to the type of the organization. Further, only intra-transactional pattern matching for intrusion detection is not quite effective for detecting intrusion in a database. We propose an IDS that uses inter-transactional as well as intra-transactional features for intrusion detection. It supports selection of profile and transactional feature granularity as well. We use sequence alignment as a tool for comparing database access patterns of genuine users and intruders.     

MOVIH-IDS: A mobile-visualization hybrid intrusion detection system

A novel hybrid artificial intelligent system for intrusion detection, called MObile-VIsualization Hybrid IDS (MOVIH-IDS), is presented in this study. A hybrid model built by means of a multiagent system that incorporates an unsupervised connectionist intrusion detection system (IDS) has been defined to guaranty an efficient computer network security architecture. This hybrid IDS facilitates the intrusion detection in dynamic networks, in a more flexible and adaptable manner. The proposed improvement of the system in this paper includes deliberative agents characterized by the use of an unsupervised connectionist model to identify intrusions in computer networks. This hybrid IDS has been probed through several real anomalous situations related to the simple network management protocol as it is potentially dangerous. Experimental results probed the successful detection of such attacks through MOVIH-IDS.     

A parallel evolving algorithm for flexible neural tree

In the past few decades, much success has been achieved in the use of artificial neural networks for classification, recognition, approximation and control. Flexible neural tree (FNT) is a special kind of artificial neural network with flexible tree structures. The most distinctive feature of FNT is its flexible tree structures. This makes it possible for FNT to obtain near-optimal network structures using tree structure optimization algorithms. But the modeling efficiency of FNT is always a problem due to its two-stage optimization. This paper designed a parallel evolving algorithm for FNT (PE-FNT). This algorithm uses PIPE algorithm to optimize tree structures and PSO algorithm to optimize parameters. The evaluation processes of tree structure populations and parameter populations were both parallelized. As an implementation of PE-FNT algorithm, two parallel programs were developed using MPI. A small data set, two medium data sets and three large data sets were applied for the performance evaluations of these programs. Experimental results show that PE-FNT algorithm is an effective parallel FNT algorithm especially for large data sets.     

A Context Adaptive Intrusion Detection System for MANET

Due to the ad hoc and mobile nature of a MANET, it is much more vulnerable to attacks than a wired network. As a result, there has been a significant research focusing on designing an Intrusion Detection System (IDS) for MANETs to detect anomalous behavior and misuse. However, each mobile node in a MANET typically has limited energy and thus it is not efficient to perform IDS functions within a node to detect every incoming packet. There is a need for an IDS to implement an intelligent control mechanism in order to monitor and recognize security breach attempts efficiently over a period of the expected network lifetime. By leveraging the Network Node Intrusion Detection (NNID) strategy, we developed a context adaptive IDS controller that advises an IDS to carry out intrusion detection while being prepared for a possible “cut through” if it is likely that the residual energy is not sufficient. By being embedded with the context adaptive IDS controller, the proposed Context Adaptive Intrusion Detection System (CAIDS) is able to adapt to the current node context (such as residual energy, security threats and traffic loading) for accommodating and inspecting new arriving packets. The performance is evaluated using a reward function that discovers an effective way to perform intrusion detection and delivers security benefits while meeting the energy budget. The numerical results show that CAIDS offers a good trade-off between lifetime performance and security. This study demonstrates empirically that the CAIDS model intelligently monitors and recognizes security breach attempts while adhering to the resource budget plan over the period of expected network lifetime.     

基于粗糙集的进化神经网络入侵检测系统研究

针对目前实时入侵检测系统所处理的网络数据具有的非线性和高维的特点,提出基于粗糙集理论的进化神经网络入侵检测方法。对网络中截获的数据,利用粗糙集属性约简方法对其属性集进行约简,得到影响分类精度的重要属性。把约简后形成的训练样本进行数值化和归一化处理,作为神经网络的输入数据,再利用遗传算法较强的宏观搜索能力和全局寻优的特点,优化神经网络权值,并在此基础上进行神经网络学习,从而建立入侵检测系统的优化分析模型。实验结果表明,该算法学习速度快,有效提高了入侵检测系统的检测效率。     

一种基于数据挖掘技术的入侵检测模型研究

入侵检测系统是一种检测网络入侵行为并能够主动保护自己免受攻击的一种网络安全技术,是网络防火墙的合理补充。文中分析了入侵检测系统的通用模型,介绍了入侵检测系统的分类,给出了传统的网络检测技术,在此基础上,详细讨论了数据挖掘技术及其在入侵检测系统中的应用,提出了一个基于数据挖掘技术的入侵检测模型,该模型采用了数据挖掘中的分类算法和关联规则。经过实际测试,该模型能够使网络入侵检测更加自动化,提高检测效率和准确度。     

Wired and wireless intrusion detection system: Classifications, good characteristics and state-of-the-art

In computer and network security, standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. Intrusion Detection System (IDS) and intrusion prevention systems (IPS) are real-time software for risk assessment by monitoring for suspicious activity at the network and system layer. Software scanner allows network administrator to audit the network for vulnerabilities and thus securing potential holes before attackers take advantage of them.

In this paper we try to define the intruder, types of intruders, detection behaviors, detection approaches and detection techniques. This paper presents a structural approach to the IDS by introducing a classification of IDS. It presents important features, advantages and disadvantages of each detection approach and the corresponding detection techniques. Furthermore, this paper introduces the wireless intrusion protection systems.

The goal of this paper is to place some characteristics of good IDS and examine the positioning of intrusion prevention as part of an overall layered security strategy and a review of evaluation criteria for identifying and selecting IDS and IPS. With this, we hope to introduce a good characteristic in order to improve the capabilities for early detection of distributed attacks in the preliminary phases against infrastructure and take a full spectrum of manual and automatic response actions against the source of attacks.     

入侵检测系统的发展与研究

入侵检测 (IDS)技术是一种新兴网络安全技术 ,它是一种基于主动策略的网络安全系统 ,是对传统的安全策略的补充 ,是网络安全系统中的重要组成部分。文中分析了IDS的历史和现状 ,说明现有IDS的不足及其发展趋势。     

高校办公网入侵检测系统研究

随着计算机和网络技术的发展,网络入侵事件的日益增加,人们发现只从防御的角度构造安全系统是不够的,入侵检测成为继“防火墙”、“数据加密”等传统安全保护措施后新一代的网络安全保障技术。本文首先介绍入侵检测原理和分布式入侵检测方面的相关工作,在分析已有分布式入侵检测系统模型的基础上,提出了一个基于代理的校园网入侵检测系统模型框架。该模型采用分布式的体系结构,由一个代理控制中心和若干代理组成,结合了基于网络和基于主机的入侵检测方法。使用代理技术在分布式环境下对入侵进行检测,可以有效地检测各种入侵,并具有很好的可扩充性。     

多代理分布式入侵检测系统在校园网中的应用

近年来，入侵检测系统(IDS)作为信息系统安全的重要组成部分，得到了广泛的重视。可以看到，仅仅采用防火墙技术来构造网络的安全体系是远远不够的，很多攻击可以绕过防火墙。入侵检测技术可以在网络系统受到损害前对入侵行为做出拦截和响应。基于代理的分布式入侵检测系统实现了基于主机和基于网络检测的结合，为网络系统提供更好的安全保护。文中针对防火墙技术的不足，在对入侵检测技术及其通用架构做出分析和研究后，设计了一种基于代理的分布式入侵检测系统，并给出了在某校园网中的实现。     

一种基于多Agent的分布式入侵检测系统设计

在分析现有基于Agent的入侵检测系统的基础上,提出了一种基于多Agent分布式入侵检测系统模型。该模型采用了分布检测、分布响应的模式,各Agent之间具有良好的相对独立性。通过多Agent技术的思想建立系统总体结构,给出了模型的各个组成部分,并对结构中各种Agent与中心控制台的功能设计进行了分析。同时对涉及到特征匹配算法、动态选举算法、协同算法进行了初步的设计与分析。系统可充分利用各Agent的协同完成入侵检测任务,实时响应,可有效地改进传统IDS。     

An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection

Intrusion detection system (IDS) is to monitor the attacks occurring in the computer or networks. Anomaly intrusion detection plays an important role in IDS to detect new attacks by detecting any deviation from the normal profile. In this paper, an intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection is proposed. The key idea is to take the advantage of support vector machine (SVM), decision tree (DT), and simulated annealing (SA). In the proposed algorithm, SVM and SA can find the best selected features to elevate the accuracy of anomaly intrusion detection. By analyzing the information from using KDD’99 dataset, DT and SA can obtain decision rules for new attacks and can improve accuracy of classification. In addition, the best parameter settings for the DT and SVM are automatically adjusted by SA. The proposed algorithm outperforms other existing approaches. Simulation results demonstrate that the proposed algorithm is successful in detecting anomaly intrusion detection.     

Decision tree based light weight intrusion detection using a wrapper approach

The objective of this paper is to construct a lightweight Intrusion Detection System (IDS) aimed at detecting anomalies in networks. The crucial part of building lightweight IDS depends on preprocessing of network data, identifying important features and in the design of efficient learning algorithm that classify normal and anomalous patterns. Therefore in this work, the design of IDS is investigated from these three perspectives. The goals of this paper are (i) removing redundant instances that causes the learning algorithm to be unbiased (ii) identifying suitable subset of features by employing a wrapper based feature selection algorithm (iii) realizing proposed IDS with neurotree to achieve better detection accuracy. The lightweight IDS has been developed by using a wrapper based feature selection algorithm that maximizes the specificity and sensitivity of the IDS as well as by employing a neural ensemble decision tree iterative procedure to evolve optimal features. An extensive experimental evaluation of the proposed approach with a family of six decision tree classifiers namely Decision Stump, C4.5, Naive Baye’s Tree, Random Forest, Random Tree and Representative Tree model to perform the detection of anomalous network pattern has been introduced.     

入侵检测系统发展的研究综述

With the fast development of Internet,more and more computer security affairs appear. Researchers have developed many security mechanisms to improve computer security ,including intrusion detection (ID). This paper re-views the history of intrusion detection systems (IDS)and mainstream techniques used in IDS,showing that IDS couldimprove security only provided that it is devised based on the architecture of the target system. From this, we could see the trend of integration of host-oriented ,network-oriented and application-oriented IDSs.     

内置入侵检测功能的防火墙设计

给出了内置入侵检测功能的防火墙设计方案,将入侵检测功能与用户设置安全策略集成一体。即使安全策略允许所有通信流量传输,入侵检测功能仍具备检测和拦截极具攻击性的行为和企图,增强了防火墙的功能,为网络防卫带来了灵活性。     

Network attack detection scheme based on variational quantum neural network

Network attack may have a serious impact on network security. With the rapid development of quantum machine learning, variational quantum neural network (VQNN) has demonstrated quantum advantages in classification problems. The intrusion detection system (IDS) based on quantum machine learning has higher accuracy and efficiency than the IDS based on traditional machine learning. In this work, we propose a intrusion detection scheme based on VQNN, which is composed of variational quantum circuit (VQC) and classical machine learning (ML) strategy. In order to verify the effectiveness of the scheme, we used the VQNN model and some classic ML models (Such as artificial neural network, support vector machines, K-Nearest Neighbors, Naive Bayes, decision tree) to conduct comparative experiments. The results indicate that the proposed IDS model based on VQNN has a 97.21% precision, which is higher than other classic IDS models. Furthermore, our VQC can be deployed on the overwhelming majority of recent noisy intermediate-scale quantum machines (such as IBM). This research will contribute to the construction of general variational quantum framework and experimental design and highlight the potential hopes and challenges of hybrid quantum classical learning schemes.

     

入侵检测技术研究综述

近年来,入侵检测已成为网络安全领域的热点课题。异常检测和误用检测是入侵检测的主要分析方法,前者包括统计分析、模式预测、神经网络、遗传算法、序列匹配与学习、免疫系统、基于规范、数据挖掘、完整性检查和贝叶斯技术,后者包括专家系统、基于模型、状态转换分析、Petri网络、协议分析和决策树,其它还有报警关联分析、可视化和诱骗等分析技术。入侵检测系统的体系结构分为集中式结构和分布式结构,高性能检测技术、分布式构架、系统评估、标准化和安全技术融合是其今后重要的发展方向。     

A comparison of Intrusion Detection systems

A computer system intrusion is seen as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.[1] The introduction of networks and the Internet caused great concern about the protection of sensitive information and have resulted in many computer security research efforts during the past few years. Although preventative techniques such as access control and authentication attempt to prevent intruders, these can fail, and as a second line of defence, intrusion detection has been introduced. Intrusion detection systems (IDS) are implemented to detect an intrusion as it occurs, and to execute countermeasures when detected.Usually, a security administrator has difficulty in selecting an IDS approach for his unique set-up. In this Report, different approaches to intrusion detection systems are compared, to supply a norm for the best-fit system. The results would assist in the selection of a single appropriate intrusion detection system or combine approaches that best fit any unique computer system.     

基于异常和特征的入侵检测系统模型

目前大多数入侵检测系统(Intrusion Detection System，IDS)没有兼备检测已知和未知入侵的能力，甚至不能检测已知入侵的微小变异，效率较低。本文提出了一种结合异常和特征检测技术的IDS。使用单一技术的IDS存在严重的缺点，为提高其效率，唯一的解决方案是两者的结合，即基于异常和特征的入侵检测。异常检测能发现未知入侵，而基于特征的检测能发现已知入侵，结合两者而成的基于异常和特征的入侵检测系统不但能检测已知和未知的入侵，而且能更新基于特征检测的数据库，因而具有很高的效率。