一种基于多Agent的分布式入侵检测系统设计

在分析现有基于Agent的入侵检测系统的基础上,提出了一种基于多Agent分布式入侵检测系统模型。该模型采用了分布检测、分布响应的模式,各Agent之间具有良好的相对独立性。通过多Agent技术的思想建立系统总体结构,给出了模型的各个组成部分,并对结构中各种Agent与中心控制台的功能设计进行了分析。同时对涉及到特征匹配算法、动态选举算法、协同算法进行了初步的设计与分析。系统可充分利用各Agent的协同完成入侵检测任务,实时响应,可有效地改进传统IDS。     

组合出入口访问控制的防火墙系统研究

针对军事网络特殊安全需求,提出了一种组合出人口访问控制的网络边界安全防护手段,在抗网络攻击方面,采用包过滤防火墙与基于神经网络和基于协议分析和规则匹配的入侵检测技术相结合的方法,提高入侵检测的准确性;在防信息泄密方面,在出口访问控制中引入身份认证机制及内容审查和过滤机制,可建立更灵活的安全审计和访问控制策略,有效阻截敏感或涉密信息外泄,实现对泄密源的有效跟踪。     

一种新的半监督入侵检测算法

针对无监督学习的入侵检测算法准确度不高、监督学习的入侵检测算法训练样本难以获取的问题,提出了一种粒子群改进的K均值半监督入侵检测算法,利用少量的标记数据生成正确样本模型来指导大量的未标记数据聚类,对聚类后仍未能标记的数据采用粒群优化的K均值聚类,有效提高分类器的分类准确性,并实现了对新类型攻击的检测。实验结果表明,算法的整体检测效果明显优于基于无监督学习和监督学习的检测算法。     

基于D-S理论的入侵检测系统

单一的检测方法很难对所有的入侵获得很好的检测结果。所以,怎样将多种安全方法结合起来,为网络提供更加有效的安全保护,已经成为当前安全领域的研究热点之一。提出了一种基于数据融合的入侵检测系统,并将证据理论引入到网络安全中的入侵检测领域。该系统能够有效地解决单一检测算法无法对所有入侵都有很好检测效果的缺陷,并且相对于单一检测方法系统具有更好的可扩展性和鲁棒性。     

基于决策树及遗传算法的人工免疫入侵检测算法

针对传统的否定选择算法中生成大量无效抗体,并且抗体之间缺乏多样性的问题,设计了基于决策树及遗传算法的人工免疫入侵检测算法。将决策树和遗传算法引入传统的否定选择算法中,利用决策树计算抗原和抗体之间的亲和力,提出了新fitness的计算公式,并利用抗体浓度衡量抗体集的多样性,将低浓度抗体代替高浓度抗体,实现了抗体的多样性,确保了当抗体集的数量一定时尽可能覆盖最大的非自体集空间,以提高抗体集的性能。     

珠三角地区咸潮入侵预警预报信息系统的总体设计

珠江口由于淡水径流量小、河口较宽,潮水比较容易进入,每年都会发生不同程度的咸潮现象,咸潮对珠三角城市群构成整体威胁。本文提出预警预报系统设计思想,旨在从计算机软件层面通过预警系统加以模拟实现咸潮发生、发展的整个侵入过程,从而更加科学合理地制定珠三角咸潮的应对措施,为咸潮入侵应急预案提供决策依据。     

基于深度神经网络和联邦学习的网络入侵检测

在高速网络环境中,对复杂多样的网络入侵进行快速准确的检测成为目前亟待解决的问题。联邦学习作为一种新兴技术,在缩短入侵检测时间与提高数据安全性上取得了很好的效果,同时深度神经网络（DNN）在处理海量数据时具有较好的并行计算能力。结合联邦学习框架并将基于自动编码器优化的DNN作为通用模型,建立一种网络入侵检测模型DFC-NID。对初始数据进行符号数据预处理与归一化处理,使用自动编码器技术对DNN实现特征降维,以得到DNN通用模型模块。利用联邦学习特性使得多个参与方使用通用模型参与训练,训练完成后将参数上传至中心服务器并不断迭代更新通用模型,通过Softmax分类器得到最终的分类预测结果。实验结果表明,DFC-NID模型在NSL-KDD与KDDCup99数据集上的准确率平均达到94.1%,与决策树、随机森林等常用入侵检测模型相比,准确率平均提升3.1%,在攻击类DoS与Probe上,DFC-NID的准确率分别达到99.8%与98.7%。此外,相较不使用联邦学习的NO-FC模型,DFC-NID减少了83.9%的训练时间。     

Optimized deep learning-based intrusion detection for wireless sensor networks

The technological innovations and wide use of Wireless Sensor Network (WSN) applications need to handle diverse data. These huge data possess network security issues as intrusions that cannot be neglected or ignored. An effective strategy to counteract security issues in WSN can be achieved through the Intrusion Detection System (IDS). IDS ensures network integrity, availability, and confidentiality by detecting different attacks. Regardless of efforts by various researchers, the domain is still open to obtain an IDS with improved detection accuracy with minimum false alarms to detect intrusions. Machine learning models are deployed as IDS, but their potential solutions need to be improved in terms of detection accuracy. The neural network performance depends on feature selection, and hence, it is essential to bring an efficient feature selection model for better performance. An optimized deep learning model has been presented to detect different types of attacks in WSN. Instead of the conventional parameter selection procedure for Convolutional Neural Network (CNN) architecture, a nature-inspired whale optimization algorithm is included to optimize the CNN parameters such as kernel size, feature map count, padding, and pooling type. These optimized features greatly improved the intrusion detection accuracy compared to Deep Neural network (DNN), Random Forest (RF), and Decision Tree (DT) models.     

Network Intrusion Detection in Internet of Blended Environment Using Ensemble of Heterogeneous Autoencoders (E-HAE)

Contemporary attackers, mainly motivated by financial gain, consistently devise sophisticated penetration techniques to access important information or data. The growing use of Internet of Things (IoT) technology in the contemporary convergence environment to connect to corporate networks and cloud-based applications only worsens this situation, as it facilitates multiple new attack vectors to emerge effortlessly. As such, existing intrusion detection systems suffer from performance degradation mainly because of insufficient considerations and poorly modeled detection systems. To address this problem, we designed a blended threat detection approach, considering the possible impact and dimensionality of new attack surfaces due to the aforementioned convergence. We collectively refer to the convergence of different technology sectors as the internet of blended environment. The proposed approach encompasses an ensemble of heterogeneous probabilistic autoencoders that leverage the corresponding advantages of a convolutional variational autoencoder and long short-term memory variational autoencoder. An extensive experimental analysis conducted on the TON_IoT dataset demonstrated 96.02% detection accuracy. Furthermore, performance of the proposed approach was compared with various single model (autoencoder)-based network intrusion detection approaches: autoencoder, variational autoencoder, convolutional variational autoencoder, and long short-term memory variational autoencoder. The proposed model outperformed all compared models, demonstrating F1-score improvements of 4.99%, 2.25%, 1.92%, and 3.69%, respectively.     

Optimal Deep Learning Based Intruder Identification in Industrial Internet of Things Environment

With the increased advancements of smart industries, cybersecurity has become a vital growth factor in the success of industrial transformation. The Industrial Internet of Things (IIoT) or Industry 4.0 has revolutionized the concepts of manufacturing and production altogether. In industry 4.0, powerful Intrusion Detection Systems (IDS) play a significant role in ensuring network security. Though various intrusion detection techniques have been developed so far, it is challenging to protect the intricate data of networks. This is because conventional Machine Learning (ML) approaches are inadequate and insufficient to address the demands of dynamic IIoT networks. Further, the existing Deep Learning (DL) can be employed to identify anonymous intrusions. Therefore, the current study proposes a Hunger Games Search Optimization with Deep Learning-Driven Intrusion Detection (HGSODL-ID) model for the IIoT environment. The presented HGSODL-ID model exploits the linear normalization approach to transform the input data into a useful format. The HGSO algorithm is employed for Feature Selection (HGSO-FS) to reduce the curse of dimensionality. Moreover, Sparrow Search Optimization (SSO) is utilized with a Graph Convolutional Network (GCN) to classify and identify intrusions in the network. Finally, the SSO technique is exploited to fine-tune the hyper-parameters involved in the GCN model. The proposed HGSODL-ID model was experimentally validated using a benchmark dataset, and the results confirmed the superiority of the proposed HGSODL-ID method over recent approaches.