期刊文献+

特定应用环境下的入侵检测架构

Intrusion Detection Architecture Under Specific Application Environment
下载PDF
导出
摘要 异常检测可以认为是通过对用户正常行为及系统正常应用环境的学习来识别异常的过程.由于系统及应用环境的复杂性,异常检测还难以达到很高的识别精度.为此,针对在物理上与Internet网完全隔离的计算机网络应用环境,亦即内网,提出基于mobile agent(MA)的多层次入侵检测架构,利用自组织映射网络方法,在不同层次的agent中建立二堆网格的自组织映射网络模型,分别检测目标系统不同层次上的异常现象.实验结果表明,在入侵者攻击的持续时间内,本系统通过多次采样的办法可以使检测率提高到满意的程度. Abnormal detection is considered as a process of recognizing the anomaly by learning to characterize the norm behaviors of user and system application environment. Because of complexity of application on network, it is difficult to improve the precision of abnormal detection. A multiple-layer architecture based on mobile agent(MA) for intrusion detection is presented in the computer network environment isolated with the Internet, which is often called isolated network. It utilizes the methodology of self-organizing map (SOM) neural network to build the two-dimension grid model of SOM neural network and detect the anomaly of the object system on different layers. The experiment shows that this multiple-layer architecture can improve the rate of intrusion detection by sampling time after time in the duration of the network attacked.
出处 《天津大学学报》 EI CAS CSCD 北大核心 2006年第B06期375-378,共4页 Journal of Tianjin University(Science and Technology)
基金 国家自然科学基金(66272011).
关键词 入侵检测 自组织映射 移动代理 网络安全 intrusion detection self-organizing map mobile agent network security
  • 相关文献

参考文献10

  • 1Axelsson S.The base-rate fallacy and its impoications for the difficulty of intrusion detection[C]//The Proceedings of the 6th ACM Conference on Computer and Communications Security.Malaga,Spain,1999:157-164.
  • 2Geib C,Goldman R.Plan recognition in intrusion detection systems[C]//DARPA Information Survivability Conference and Exposition (DISCEX).Virginia,USA,2001:46-53.
  • 3Emilie L,Erland J.Survey of Intrusion Detection Research[R].Chalmer,Sweden:Citeseer,Singapore,2002.
  • 4Yang Laurence T,Amamiya Makoto,Liu Zhen.SVM classifier incorporating selection using GA for spam detection[C]//Embedded and Ubiquitous Computer:International Conference EUC 2005.Nagasaki,Japan:Springer-Verlag GmbH,2005:1147-1154.
  • 5Bernardes M C,Moreira E dos Santos.Implementation of an intrusion detection system based on mobile agents[C]//International Symposium on Software Engineering for Parallel and Distributed Systems.Ireland,2003,2:158-164.
  • 6Helmer G,Wong J S K,Honavar V,et al.Lightweight agents for intrusion detection[J].The Journal of Systems and Software,2003,67 (3):109-122.
  • 7Lippmann R,Haines J W,Fried D J.The 1999 DARPA off-Line Intrusion Detection Evaluation[EB/OL].http://www.ll.mit.edu/SST/ideval/pubs,2000-12-02.
  • 8Kohonen T.Self-Organizing Maps[M].Berlin:Springer,2002.
  • 9Gray R,Cybenko G.D'Agents:Applications and performance of a mobile-agent system[J].Software-Practice and Experience,2002,32 (6):543-573.
  • 10Lange D B,Oshima M,Karjoth G,et al.Aglets:Programming mobile agents in Java[C]//Worldwide Computing and Its Applications (WWCA'97).Spring-Verlag,1997 (1274):253-266.

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部