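Abstract
Current intrusion detection systems mainly use signature-based misuse detection. The data mining-based anomaly detection methods that have appeared in recent years depend on labeled training data to ensure detection performance, but in real applications such training data is often hard to obtain. Another difficulty for anomaly-based intrusion detection systems is that users' normal behavior often changes over time; the system must update itself adaptively to accommodate these changes and tell which are changes in normal behavior and which are attacks. This paper proposes a new unsupervised anomaly detection method using an evolving fuzzy neural network (EFuNN). The method has a distinctive advantage: it does not need large amounts of labeled training data marking the various attacks, and only needs to find and define the normal class. It can therefore discover anomalous behavior online and adaptively, without prior knowledge. Finally, the method is evaluated on the KDD CUP99 test data set, which confirms its effectiveness for network anomaly detection.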
Most current intrusion detection systems adopt signature-based methods or data mining-based methods, which rely on labeled training data; in practice, however, this training data is typically expensive to produce. Another difficulty of anomaly-based intrusion detection systems is that patterns of normal behavior vary with time, and the system must be able to adapt to these changes and to distinguish them from intrusive behavior. This paper discusses the creation of an unsupervised anomaly detection system that uses EFuNN to detect anomalies in network connections. Such a system can work without massive sets of pre-labeled training data. It has the added versatility of being free of the overspecialization that comes with systems tailored for specific sets of attacks. Therefore, the system can update the normal profile in an online, adaptive fashion. Finally, the method is evaluated by experiments on the network records from the KDD CUP99 data set.
Source
Journal of Harbin Engineering University (《哈尔滨工程大学学报》)
EI
CAS
CSCD
Peking University Core Journals (北大核心)
2006, Issue B07, pp. 51-54 (4 pages)
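Funding
Supported by the National Natural Science Foundation of China (60573101)
Supported by the Natural Science Foundation of Shaanxi Province (2005f43).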
Keywords
anomaly detection
intrusion detection
network security
neural network