摘要
基于网络的入侵检测系统中,由于检测速率与数据包采集速率不匹配,以及检测所需成本的限制,在收集用于检测的网络数据包时,必须选择有效的采样策略.本文引入博弈模型框架上的原始入侵数据包采样策略,在此基础上再进行分析和扩展.针对单一采样策略的缺陷与不足,引入风险管理的思想来分析在决策者不同效用偏好情况下的采样策略选择问题,并且通过具体的实例,说明了基于风险差异的采样策略选择的有效性.
Since sampling entails incurring network costs hardware in the network-based intrusion detection system, strategy to effectively detect network intrusions without for real-time packet sampling and packet examination we would like to develop a network packet sampling exceeding the velocity of the packet examination. We consider this problem in a game theoretic framework and introduce sampling schemes that are optimal in this game theoretic setting by the Minimax theorem and the max-flow rain-cut theorem. According to the limitation and scarcity of this single intrusion node method, we introduce a method of risk management and extend the solution to more complex cases to choose sampling strategy while facing more various environments. Finally, we provide an empirical study to exemplify our improved method.
出处
《中国科学院研究生院学报》
CAS
CSCD
2006年第4期534-542,共9页
Journal of the Graduate School of the Chinese Academy of Sciences
基金
国家863计划项目(2003AA103710)资助
关键词
入侵检测
采样策略
博弈理论方法
风险管理
intrusion detection, sampling strategy, game theoretic approach, risk management
