Abstract
Model-based reasoning intrusion detection has to search a very large space of audit records for the optimal member among a huge number of possible attack-scenario subsets, matching each against the events recorded in the audit trail; deciding how realistic the hypothesis corresponding to a particular subset is remains difficult. We propose applying the simulated annealing (SA) algorithm to this NP-complete problem. We first model attack detection as an optimization problem and give the solution space, the objective function, the generation of new solutions and the acceptance criterion used in the attack detection experiments, from which we obtain a reasonable cooling schedule. The parallelization of the SA algorithm used in the experiments is also studied. The experiments show that, compared with the traditional greedy algorithm, applying SA improves the evolution speed and the ability to find the global optimum, and handles the search-efficiency problem well.
Source
Journal of University of Electronic Science and Technology of China
EI
CAS
CSCD
Peking University Core Journals
2005, Issue 1, pp. 36-39 (4 pages)
Funding
Supported by the National Natural Science Foundation of China (69931040)
Keywords
simulated annealing algorithm
model-based reasoning
intrusion detection
network security