| 网络入侵异常检测的实时方法 |
| |
| 引用本文: | 王勇,高亮,杨辉华.网络入侵异常检测的实时方法[J].桂林电子科技大学学报,2005,25(5):1-5. |
| |
| 作者姓名: | 王勇 高亮 杨辉华 |
| |
| 作者单位: | 桂林电子工业学院网络信息中心,广西,桂林,541004;桂林市信息办,广西,桂林,541001 |
| |
| 基金项目: | 广西区教育厅资助项目(编号:D20126) |
| |
| 摘 要: | 目前市面上的入侵检测系统一般都是基于特征匹配,不能对未知入侵进行有效检测,异常检测可以较好地检测未知入侵。M IT林肯实验室提出了一种离线的异常入侵检测方法,但不能据此建立实际的入侵检测系统,为此,提出一种能实时检测网络异常的入侵检测方法。该方法可以实时重建网络连接,提取每一连接的31个与入侵有关的特征,运用支持向量机进行在线检测,实验结果表明,该方法是有效的,检测精度在95%以上。为缩短入侵检测时间,对最短检测时间进行了研究,提出了最优入侵检测时间算法,根据此算法得出局域网内的异常连接在250m s内即可较准确地检测出。
|
| 关 键 词: | 异常检测 实时检测 入侵特征 支持向量机 |
| 文章编号: | 1001-7437(2005)05-01-05 |
| 修稿时间: | 2005年8月6日 |
Real-time Anomaly Detection of Network Intrusions |
| |
| WANG Yong,GAO Liang,YANG Hui-hua.Real-time Anomaly Detection of Network Intrusions[J].Journal of Guilin Institute of Electronic Technology,2005,25(5):1-5. |
| |
| Authors: | WANG Yong GAO Liang YANG Hui-hua |
| |
| Affiliation: | WANG Yong~1,GAO Liang~2,YANG Hui-hua~1 |
| |
| Abstract: | Most of IDS in current use are based on feature match.They usually appear incapable of detecting unknown intrusion.Anomaly detection can efficiently undertake the work of unknown intrusion detection.MIT's Lincoln Laboratory presented a well-renowned off-line intrusion detection scheme,but it couldn't lend itself to establishing a real-time intrusion detection system(IDS).As a response to this problem,we introduce in this paper a novel real-time IDS method.It dynamically reconstructs the TCP connections,extracts 31 intrusion features,and uses support vector machines as detector.The experiments show that the detection accuracy is above 95%.In order to cut down detect time,we present an algorithm to search best time for detection intrusion.A series of network intrusion experiments have demonstrated that the proposed method can precisely detect intrusions occurring in a local area network within 250 ms. |
| |
| Keywords: | anomaly detection real-time detection intrusion feature support vector machines |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
