一种改进的朴素贝叶斯算法在入侵检测中的应用

讨论了传统的朴素贝叶斯算法在入侵检测中的应用,指出了其存在的问题;针对该算法存在的问题,将遗传算法引入到该算法中,提出了一种改进的朴素贝叶斯算法。并对改进后的算法在KDD CUP 1999数据集上进行了实验。实验证明,改进后的算法能有效提高分类性能和效率。     

基于有效载荷的异常入侵检测技术研究

分析了目前入侵检测存在的问题,提出了一种基于有效载荷的异常入侵检测技术.该技术选取网络数据包有效载荷的位分布作为系统特征值,采用统计学中的马哈拉诺比斯距离作为区分合法访问与非法入侵的算法,降低了误报率,提高了检测精度.实验结果表明,该检测技术是有效的,具备一定的识别未知入侵的能力,可以实现实时高效的异常入侵检测.     

基于数据挖掘的Snort系统改进模型

针对Snort系统对新的入侵行为无能为力的缺点,设计了一种基于数据挖掘理论的Snort网络入侵检测系统的改进模型。该模型在Snort入侵检测系统的基础上增加了正常行为模式挖掘模块、异常检测引擎模块和新规则生成模块,使得系统具有从新的入侵行为中学习新规则和从正常数据中学习正常行为模式的双重能力。实验结果表明,新模型不仅能够有效地检测到新的入侵行为,降低了Snort系统的漏报率,而且提高了系统的检测效率。     

改进FCM聚类算法及其在入侵检测中的应用

针对模糊C-均值（FCM）算法的局限性,提出了一种具有两阶段的模糊FCM聚类改进算法。通过加入点密度函数加权系数和样本特征矢量权重对FCM聚类算法中的目标函数进行改造,进而给出迭代推导公式和算法描述。该算法克服了样本分布不均匀和样本特征矢量对分类贡献不均衡的情况,有效地提高了聚类精度。最后利用KDD CUP 99数据集进行实验,结果表明该算法具有良好的可靠性和可行性。     

高维数据环境下网络异常检测的改进否定选择算法

人工免疫中的否定选择算法目前已成功地应用于异常检测的低维数据集上,但在高维数据集上的效果不大理想。为了改善算法的性能,分析了现有否定选择算法在网络异常检测中的不足,对带变长检测器的否定选择算法进行了修改,提出了一种改进的否定选择算法,新算法中通过移动检测器控制检测器覆盖情况。仿真实验结果表明了改进算法在网络异常检测中高维数据集上的有效性,可以取得较高的检测率和较低的误报率。     

异常入侵检测系统虚警率问题研究

入侵检测系统的虚警率影响检测结果的可信性.通过分析入侵检测系统的可信问题及异常入侵检测系统的虚警率问题,提出了降低虚警率的方法:基于进程检测行为的入侵检测方法、多检测系统协作工作模式.重点描述了基于人工免疫思想,动态构建正常系统轮廓,抑制虚警率的方法,并对其进行了仿真实验.实验表明,本方法可以提高检测效率,有效降低系统虚警率.     

基于模糊关联规则挖掘改进算法的IDS研究

由于现有入侵检测系统误报、漏报率较高,提高其检测准确率具有重要意义;阐述了模糊关联规则挖掘技术在网络入侵检测中发现网络异常并通过相似度计算做出量化的入侵响应的方法,详细描述了基于模糊关联规则算法的入侵检测的具体步骤,并改进了该算法的隶属度函数建立和标准规则集生成方法;通过异常检测实验验证了在入侵检测中应用这一算法的可行性,并且所做的改进可以提高算法的准确性,从而可以得出此改进算法较好地提高了入侵检测的准确率,为入侵检测系统的改进提供了一些思路。     

A neuro-genetic based short-term forecasting framework for network intrusion prediction system

Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by ＂authorized＂ users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system （IDS） is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference （KDD 2009） intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS （NGIDS） involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this work show that the system achieves improvement in terms of misclassification cost when compared with conventional IDS. The results of the experiments show that this system can be deployed based on a real network or database environment for effective prediction of both normal attacks and new attacks.     

Achieving greater anonymity in network latency

Each lnternet communication leaves trails that can be followed back to the user. Notably, anonymous communication schemes are purposed to hide users＇ identity as to personal, source, destination location and content information. Notably, no network capability is in existence to completely negate anonymity leakage in network latency[~l, thus, the minimization of anonymity leakage in network latency becomes critically salient. The purpose of this paper is to investigate network latency anonymity leaks, and propose practical techniques for their reduction. In this direction, the author investigate the following technical question： What implementation techniques can be configured to truly reduce anonymity leaks using deployable systems and exploiting the popular Tor security strategies.     

基于基因库的新型检测器生成方法

提出一种新的检测器生成方法。由于非我样本中存在着关于非我空间的信息,提出通过统计非我样本中各属性的分布情况来构建基因库,并应用基因库来生成检测器的方法来检测入侵。应用KDDCup1999数据集,通过实验证明该方法能够生成检测率更高的检测器集。