Application of FART to Unsupervised Network Anomaly Detection (cited by: 1)

Applying Fuzzy ART to Network Unsupervised Anomaly Detection
Abstract: Most current intrusion detection systems employ signature-based misuse methods. The data mining-based methods that have appeared in recent years rely on labeled training data to be effective; in practice, however, this training data is typically expensive to produce. In contrast, unsupervised anomaly detection has great utility within the context of a network intrusion detection system. Such a system can work without the need for massive sets of pre-labeled training data and has the added versatility of being free of the overspecialization that comes with systems tailored for specific sets of attacks. Thus, with a system that seeks only to define and categorize normalcy, there is the potential to detect new types of network attacks without any prior knowledge of their existence. This paper discusses the creation of such a system that uses Fuzzy ART (fuzzy adaptive resonance theory network) to detect anomalies in network connections. We evaluate our method by performing experiments over network records from the KDD CUP99 data set, which confirm its effectiveness for network anomaly detection.
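Source: Computer Engineering and Applications (《计算机工程与应用》), indexed in CSCD and the Peking University Core Journals list, 2006, Issue 27, pp. 144-146 (3 pages)
Funding: National Natural Science Foundation of China (No. 60573101); Natural Science Foundation of Shaanxi Province (No. 2005f43)
Keywords: intrusion detection, network security, fuzzy logic, anomaly detection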