
Network Intrusion Detection Based on Packet Payload (cited by: 1)

Packet Payload Based Anomalous Network Intrusion Detection
Abstract: By analysing the statistical distribution of bytes in the payloads of normal network traffic, an anomaly detection model based on network packet payloads is proposed; the model is generated in a fully automatic, unsupervised and efficient way. In the training phase, for each port of a given host, the mean and standard deviation of the byte occurrence frequencies of the packet payloads passing through that port are computed, and a statistical-distribution detection model is generated from these results. In the detection phase, the Mahalanobis distance is used to measure the similarity between new data and the statistical model produced during training, and intrusions are detected by comparing the result with a distance threshold. The model was tested on the 1999 DARPA IDS data set; the results show that it is effective at detecting certain attacks aimed at specific ports, and in particular, for packets on port 80, the accuracy reaches almost 100% with an error rate of 0.1%.

English abstract: The paper presents a payload-based anomaly detector model describing the normal packet payload of network traffic in a fully automatic, unsupervised and very efficient fashion, for intrusion detection. We firstly compute during a training phase a profile byte frequency distribution and their standard deviation of the application payload flowing to a single host and port. Then, Mahalanobis distance during the detection phase is used to calculate the similarity of new data against the pre-computed profile. The detector compares this measure against a threshold and generates an alert when the distance of the new input exceeds this threshold. The surprising effectiveness of the method is demonstrated for the 1999 DARPA IDS dataset. In one case nearly 100% accuracy is achieved with 0.1% false positive rate for port 80 traffic.
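The training and detection phases described in the abstract, as an added example that is not code from the paper: a byte-frequency profile for one host/port, the Mahalanobis distance of a new payload against that profile, and a threshold decision. The diagonal (simplified) form of the distance, the smoothing constant ALPHA, the threshold calibration rule and the sample HTTP payloads are assumptions, not from the page.

```python
"""Payload byte-frequency anomaly detector (added example, not the paper's code).
Assumed, not stated on the page: the simplified (diagonal) Mahalanobis distance
with smoothing constant ALPHA, and a threshold set as a multiple of the training maximum."""
import math
from collections import Counter
ALPHA = 0.001  # smoothing so bytes never seen in training do not divide by zero

def byte_frequencies(payload: bytes) -> list:
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = Counter(payload)
    total = len(payload) or 1
    return [counts.get(b, 0) / total for b in range(256)]

def train_profile(payloads) -> tuple:
    """Training phase: per-byte mean and standard deviation of the relative
    frequency over the normal payloads observed on one host/port."""
    freqs = [byte_frequencies(p) for p in payloads]
    n = len(freqs)
    mean = [sum(f[b] for f in freqs) / n for b in range(256)]
    std = [math.sqrt(sum((f[b] - mean[b]) ** 2 for f in freqs) / n) for b in range(256)]
    return mean, std

def mahalanobis_distance(payload: bytes, profile) -> float:
    """Detection phase: distance between a payload's byte distribution and the profile."""
    mean, std = profile
    x = byte_frequencies(payload)
    return sum(abs(x[b] - mean[b]) / (std[b] + ALPHA) for b in range(256))

def calibrate_threshold(profile, payloads, factor: float = 3.0) -> float:
    """Assumed calibration rule: a multiple of the largest training-set distance."""
    return factor * max(mahalanobis_distance(p, profile) for p in payloads)

def is_anomalous(payload: bytes, profile, threshold: float) -> bool:
    return mahalanobis_distance(payload, profile) > threshold

# Constructed sample traffic for one host on port 80 (not from the DARPA data set).
TRAINING_PAYLOADS = [
    b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /about HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n",
]
NORMAL_PAYLOAD = b"GET /contact HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
ANOMALOUS_PAYLOAD = bytes(range(256)) * 4  # binary content where text is expected

if __name__ == "__main__":
    profile = train_profile(TRAINING_PAYLOADS)
    threshold = calibrate_threshold(profile, TRAINING_PAYLOADS)
    for p in (NORMAL_PAYLOAD, ANOMALOUS_PAYLOAD):
        print(f"distance {mahalanobis_distance(p, profile):.1f} vs threshold {threshold:.1f}: alert={is_anomalous(p, profile, threshold)}")
```

Bytes that never occur in training have zero mean and zero standard deviation, so ALPHA alone bounds their contribution; that is why binary content on a text port scores so far above the threshold.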
Source: Journal of Jiangnan University (Natural Science Edition), CAS, 2007, No. 3, pp. 271-274 (4 pages)
Fund: Key Project of the Zhejiang Provincial Natural Science Foundation (2004201)
Keywords: payload; anomaly detection; intrusion detection; Mahalanobis distance