Abstract
Anomaly detection can be regarded as the process of recognizing anomalies by learning the normal behavior of users and the normal application environment of the system. Because systems and application environments are complex, anomaly detection still struggles to reach high recognition accuracy. For computer network environments that are physically isolated from the Internet, commonly called isolated networks (intranets), this paper proposes a multi-layer intrusion detection architecture based on mobile agents (MA). Using the self-organizing map (SOM) method, a two-dimensional grid SOM neural network model is built in the agents at each layer, and each model detects anomalies at a different layer of the target system. Experimental results show that, by sampling repeatedly for the duration of an intruder's attack, the system can raise the detection rate to a satisfactory level.
Source
Journal of Tianjin University (Science and Technology)
EI
CAS
CSCD
PKU Core
2006, Issue B06, pp. 375-378 (4 pages)
Funding
National Natural Science Foundation of China (66272011).
Keywords
intrusion detection
self-organizing map
mobile agent
network security