Real-time Anomaly Detection of Network Intrusions (网络入侵异常检测的实时方法)

Cited by: 4

Abstract: Most intrusion detection systems in current use are based on signature matching and are therefore generally unable to detect unknown intrusions; anomaly detection can detect unknown intrusions more effectively. MIT Lincoln Laboratory presented a well-known off-line anomaly-based intrusion detection scheme, but it cannot serve as the basis of a practical real-time intrusion detection system (IDS). In response to this problem, this paper introduces an intrusion detection method that detects network anomalies in real time. The method reconstructs network (TCP) connections on the fly, extracts 31 intrusion-related features from each connection, and uses support vector machines as the on-line detector. Experiments show that the method is effective, with detection accuracy above 95%. To shorten detection time, the shortest feasible detection time is studied and an optimal intrusion detection time algorithm is proposed; according to this algorithm, an anomalous connection in a local area network can be detected fairly accurately within 250 ms.
Source: Journal of Guilin Institute of Electronic Technology (桂林电子工业学院学报), 2005, No. 5, pp. 1-5 (5 pages).
Funding: Guangxi Education Department funded project (No. D20126).
Keywords: anomaly detection, real-time detection, intrusion feature, support vector machines
References (5)

  • 1 Mahoney M V, Chan P K. An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection [EB/OL]. Florida Institute of Technology Technical Report TR-CS-2003-02, http://www.cs.fit.edu/~mmahoney.
  • 2 Sung A H. Identifying important features for intrusion detection using support vector machines and neural networks [C]. Proceedings of the 2003 Symposium on Applications and the Internet. IEEE, 2003.
  • 3 李辉, 管晓宏, 昝鑫, 韩崇昭. Network intrusion detection based on support vector machines [J]. Journal of Computer Research and Development, 2003, 40(6): 799-807. (Cited by: 79)
  • 4 陈光英, 张千里, 李星. An intrusion detection system based on SVM classifiers [J]. Journal on Communications, 2002, 23(5): 51-56. (Cited by: 40)
  • 5 Cohen F B. Simulating cyber attacks, defenses, and consequences [EB/OL]. The Infosec Technical Baseline Studies, March 1999.
