一种基于遗传算法的误用检测模型自适应建立算法

传统入侵检测系统的攻击模型库需要专家手工建立,不利于系统的推广和应用.为了实现入侵检测系统中入侵特征提取和攻击规则生成的自动化,提出将遗传算法应用于入侵检测规则学习问题中.采用遗传进化操作启发式搜索网络特征数据空间,通过操作算子进行遗传运算,产生出具有高适应度的个体,从而自动归纳出某种入侵的共同属性.采用DARPA入侵检测评价计划数据库进行了仿真实验,该方法归纳总结出的攻击特征符合客观事实,与专家建立的攻击规则一致,并且较好地处理了噪音数据,具有鲁棒性.误用检测模型自适应建立算法能够在无专家参与的情况下自动建立攻击类型库,增强了入侵检测系统的可移植性.

Study of building misuse detection models based on genetic algorithms

The attack model bases of traditional intrusion detection systems were manually built,hampering the popularization and application of IDSs.A study was conducted to realize the automation of intrusive feature extraction and attack rule generation.An adaptive method based on genetic algorithms was presented for learning the intrusion detection rules.This approach used heuristic search in the data space of network features.The genetic operations run through some operators.The individuals with high fitness were produced,and the same attributes of an intrusion were found.In the simulations and experiments the features of an attack were summarized inductively through the databases of the DAPRA Intrusion Detection Evaluation Program,and it accorded with the objectivity and attack rule summarized by research experts.This method dealt with the noise data,and had the robustness.The adaptive method for building misuse detection models can automatically create the model bases of attacks,and strengthen the transplantation of IDSs.