
Network anomaly detection model of optimizing session attributes

Cited by: 2
Abstract: The detection performance of a network anomaly detection model depends to a great extent on network session attributes, because session attributes essentially characterize the network behavior profile. Using a what-if (hypothesis verification) experimental analysis, Tcpdump network traffic packets were taken as the experimental data source. The packets were parsed into network session records with basic attributes, and on that basis a concise and exact combination pattern for session attributes is proposed. The experimental results indicate that the optimized combination pattern for session attributes does effectively improve the ability of the anomaly detection model to detect unknown attacks. Training the detection model with only the basic attributes, with all attributes, or with an arbitrary subset of attributes does not achieve good detection results.
Source: Computer Engineering and Design (《计算机工程与设计》), CSCD, Peking University Core Journal, 2005, Issue 11, pp. 2945-2948 (4 pages)
Funding: Natural Science Foundation of Shanxi Province project (20041047)
Keywords: network security; session attributes; detection model
