Similar literature
Found 20 similar documents; search took 0 ms
1.
Zhang Hongbin, Yi Yuzi, Wang Junshe, Cao Ning, Duan Qiang. 《Multimedia Tools and Applications》 2019, 78(21): 30257-30270
Multimedia Tools and Applications - The Social Internet of Things (SIoT) is a combination of the Internet of Things (IoT) and social networks, which enables better service discovery and improves...

2.
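Traditional IDS rule-update methods can essentially only extract features of known attack behaviour, or search for the best general expression on top of existing features, and cannot be updated promptly in response to current high-profile network security events. To address this, a method for automatically generating intrusion detection rules based on threat intelligence is proposed. The article classification module uses Word2Vec for feature extraction and trains an article classification model with the AdaBoost algorithm to obtain threat intelligence text; the paragraphs containing IoCs are located...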

3.
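To improve the real-time performance of intrusion detection systems, an intrusion detection method based on intelligent traffic prediction is proposed. The method combines the intelligence, autonomy and adaptivity of intelligent agents with the ability of grey prediction to forecast uncertain resources scientifically. The traffic sequence predicted by a traffic-prediction intelligent agent stands in for the actual traffic over a coming period, and this predicted sequence is treated as part of the set of detection objects. The activities of the traffic-processing agent and the prediction agent were then simulated manually, and simulation on actually collected data demonstrated experimentally that the prediction agent's forecasts are sound.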

4.
5.
International Journal of Information Security - Timely detection and effective treatment of cyber-attacks for protecting personal and sensitive data from unauthorized disclosure constitute a core...

6.
Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influences the detection of intrusions in a simple network. We developed a simplified Intrusion Detection System (IDS), which allows us to examine how individuals with or without knowledge in cyber security detect malicious events and declare an attack based on a sequence of network events. Our results indicate that more knowledge in cyber security facilitated the correct detection of malicious events and decreased the false classification of benign events as malicious. However, knowledge contributed less when judging whether a sequence of events represented a cyber-attack. While knowledge of cyber security helps in the detection of malicious events, situated knowledge regarding a specific network at hand is needed to make accurate detection decisions. Responses from participants that have knowledge in cyber security indicated that they were able to distinguish between different types of cyber-attacks, whereas novice participants were not sensitive to the attack types. We explain how these findings relate to cognitive processes and we discuss their implications for improving cyber security.

7.
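Predictive load-balancing method for parallel intrusion detection systems   Total citations: 1, self-citations: 0, citations by others: 1
Ever-faster data streams often cause a network intrusion detection system (NIDS) to suffer a severe false-negative rate, and connection-based load balancing copes poorly with a traffic burst on a single connection. To address this problem, a load-balancing scheme for parallel intrusion detection based on packet prediction is proposed. By observing the packets entering and leaving each sensor, the packet-prediction load-balancing algorithm predicts the load on each sensor at the next moment, which avoids assigning new connections to a sensor experiencing a traffic burst and improves load-balancing efficiency. Simulation results show that the scheme is feasible and effective: it balances load effectively and reduces the system's packet loss rate.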

8.
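This work studies the combination of immune intrusion detection with attack-source traceback. Using a distributed immune intrusion detection system together with packet-marking theory, the network data features that the immune intrusion detection system analyses in real time guide the dynamic processing of the path-marking technique, so that path marking adapts dynamically to different network data features, identifies attack paths quickly, and supplies path information that lets the immune intrusion detection system cultivate feature detectors for specific attack paths. Experiments show that the scheme can quickly reconstruct attack-path information, outperforms current probabilistic packet marking algorithms in convergence efficiency and false-positive rate, and can provide feature path information to the immune intrusion detection system.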

9.
Neural Computing and Applications - The smart grid is a revolutionary, intelligent, next-generation power system. Due to its cyber infrastructure nature, it must be able to accurately and detect...

10.
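Intrusion detection is a new technology in the field of network security, but it is not yet mature, and many attack methods exploit its weaknesses. Among them, the small IP packet attack exploits the fact that Windows and Linux handle packets with overlapping data differently. The paper proposes an intrusion detection method for small IP packet attacks and experiments with the Snort tool, making Snort handle packets with overlapping data the same way the protected host does, which markedly reduces the number of Snort false positives and false negatives and offers a useful reference for achieving network security.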

11.
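To address the low detection accuracy caused by uneven load in traditional communication network intrusion detection systems, a design for a communication network intrusion detection system based on load prediction is proposed. The hardware structure is designed as follows: a T-KOKO monitor and a voice-information monitoring tool with an AP-9812M monitoring panel are used; an HDMI splitter transmits the monitoring signal; a JY211-QTQ-04 optical cable detector is chosen, which contains a transmitter and a receiver for sending and receiving data; and a TCP relay controller is used to change the normal execution order of instructions. Load indicators are determined and the load prediction strategy is adjusted dynamically to keep the load balanced, and a hash function is used to obtain the initial discrimination probability vector of network attack behaviour, thereby achieving communication network intrusion detection. Experimental results show an average running time of 86.3 s, an average throughput of 74 Mbps and an average intrusion detection accuracy of 95%, which indicates that the designed system has a short running time, high throughput, fast detection and good detection accuracy, and can provide system support for the secure operation of communication networks.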

12.
13.
14.
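Distributed denial-of-service (DDoS) attacks are among the most destructive attacks in networked environments. Existing machine-learning-based detection methods often feed the feature values at a single moment directly into a classifier, ignoring the relationship between features at adjacent moments, which leads to high false-positive and false-negative rates. A DDoS detection method based on hidden Markov model (HMM) time-series prediction and a chaos model is proposed. To capture the burstiness of large-scale attack traffic, a two-tuple of network traffic weighted feature (NTWF) and network flow average rate (NFAR) is defined to describe the traffic. A hierarchical clustering algorithm then classifies the training set to obtain the hidden layer state (HLS) sequence, and the HMM is trained by supervised learning on the NTWF and HLS sequences to obtain the state transition matrix and the confusion matrix, which are used to predict the NTWF sequence. Finally, the chaos model analyses the prediction error of the NTWF sequence, and this is combined with NFAR-based rules to identify attack behaviour. Experimental results show that the proposed method has lower false-positive and false-negative rates than comparable methods.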

15.
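To address the lack of effective, targeted test data sets in network payload anomaly intrusion detection, a method for constructing simulated network data sets based on virtual keywords is proposed, and it is used to test and analyse an anomaly detection model based on byte frequency distribution. Experimental results show that the simulated data set provides test data whose degree of payload anomaly is controllable; that the detection threshold depends on the data characteristics of the network environment, including the packet size distribution and how far anomalous and normal accesses deviate from the training data; and that the single-packet frequency distribution model is more sensitive than the connection model to changes in the degree of payload anomaly.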

16.
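To detect intrusions in systems and networks more comprehensively, this paper applies information fusion to intrusion detection. First, support vector machines are used for classification, trained separately on host-based audit data and network-based traffic packets. D-S evidence theory is then used to fuse the predictions of the two support vector machines at the decision level according to defined rules. Combining host-based and network-based intrusion detection greatly improves intrusion detection performance, lowering the false-negative rate and raising accuracy.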

17.
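孙鹤立, 孙玉柱, 张晓云. 《计算机应用》 2020, 40(11): 3101-3106
In research on event-based social networks (EBSNs), predicting participation in social events from the event description is a difficult problem. Related research is very limited, and the difficulty comes mainly from the subjectivity of evaluating event descriptions and the limitations of language modelling algorithms. To address these issues, the concepts of successful event, similar event and event similarity are first defined, and social data collected from the Meetup platform is extracted on the basis of these concepts; analysis and prediction methods based on Lasso regression, a convolutional neural network (CNN) and a gated recurrent neural network (GRNN) are designed. In the experiments, part of the extracted data is used to train the three models and the remaining data is used for analysis and prediction. The results show that, compared with events without descriptions, events processed by the Lasso regression model improve prediction accuracy under different classifiers by 2.35%~3.8%, events processed by the GRNN model improve it by 4.5%~8.9%, and the CNN model's results are unsatisfactory. This demonstrates that event descriptions can improve event participation, and that the GRNN model has the highest prediction accuracy of the three models.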

18.
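孙鹤立, 孙玉柱, 张晓云. 《计算机应用》 2005, 40(11): 3101-3106
In research on event-based social networks (EBSNs), predicting participation in social events from the event description is a difficult problem. Related research is very limited, and the difficulty comes mainly from the subjectivity of evaluating event descriptions and the limitations of language modelling algorithms. To address these issues, the concepts of successful event, similar event and event similarity are first defined, and social data collected from the Meetup platform is extracted on the basis of these concepts; analysis and prediction methods based on Lasso regression, a convolutional neural network (CNN) and a gated recurrent neural network (GRNN) are designed. In the experiments, part of the extracted data is used to train the three models and the remaining data is used for analysis and prediction. The results show that, compared with events without descriptions, events processed by the Lasso regression model improve prediction accuracy under different classifiers by 2.35%~3.8%, events processed by the GRNN model improve it by 4.5%~8.9%, and the CNN model's results are unsatisfactory. This demonstrates that event descriptions can improve event participation, and that the GRNN model has the highest prediction accuracy of the three models.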

19.
Statistical detection of mass malware has been shown to be highly successful. However, this type of malware is less interesting to cyber security officers of larger organizations, who are more concerned with detecting malware indicative of a targeted attack. Here we investigate the potential of statistically based approaches to detect such malware using a malware family associated with a large number of targeted network intrusions. Our approach is complementary to the bulk of statistical based malware classifiers, which are typically based on measures of overall similarity between executable files. One problem with this approach is that a malicious executable that shares some, but limited, functionality with known malware is likely to be misclassified as benign. Here a new approach to malware classification is introduced that classifies programs based on their similarity with known malware subroutines. It is illustrated that malware and benign programs can share a substantial amount of code, implying that classification should be based on malicious subroutines that occur infrequently, or not at all in benign programs. Various approaches to accomplishing this task are investigated, and a particularly simple approach appears the most effective. This approach simply computes the fraction of subroutines of a program that are similar to malware subroutines whose likes have not been found in a larger benign set. If this fraction exceeds around 1.5 %, the corresponding program can be classified as malicious at a 1 in 1000 false alarm rate. It is further shown that combining a local and overall similarity based approach can lead to considerably better prediction due to the relatively low correlation of their predictions.

20.
Integration with the information network not only provides the Smart Grid with many unprecedented features, but also introduces many new security issues, such as false data injection and system intrusion. One of the biggest challenges in Smart Grid attack detection is how to fuse the heterogeneous data from the power system and the information network. In this paper, a novel cyber–physical fusion approach is proposed to detect a Smart Grid attack, Bad Data Injection (BDI), by merging both the features of the traffic flow in the information network and the inherent physical laws of the power system into a unified model, named Abnormal Traffic-indexed State Estimation (ATSE). The cyber security incidents, monitored by an intrusion detection system (IDS), are quantized to serve as the impact factors that are incorporated into the bad data detection system based on the state estimation model in the power grid. Hundreds of attack cases are simulated on each transmission line of three IEEE standard systems to compare ATSE with current cyber and physical abnormal detection methods and a cyber–physical fusion method, including IDS (Snort), a bad data detection algorithm (Chi-square test) and SCPSE. The results indicate that ATSE can improve the detection rate by 20% over the Chi-square test on average, filter most false alarms generated by Snort, and solve the observability problem of SCPSE.
