摘要
针对目前入侵检测系统已使用的ARMA等线性检测方法,引入了动力学的混沌同步思想,提出了一种基于混沌同步的网络入侵检测方法,从非线性信号处理角度进行检测.使用高斯混合模型(GMM)结合期望最大化(EM)算法对网络数据流建模,估计GMM的3个参数向量.取待检测网络数据流参数向量与正常数据流参数向量的差值作为Liu混沌系统的混沌同步控制量,当待检测数据流存在入侵信号时,波形会产生振荡,只要选取适当的判决门限即可准确判定入侵信号.利用MIT林肯实验室DARPA数据库对系统进行仿真实验,并与ARMA模型相比,结果表明,所提出的方法对入侵检测具有更高的检测率和更低的误警率.
An intrusion detection method based on chaotic synchronization was proposed. The network flow can be modeled by using Gaussian mixture model (GMM) combined with expectation maximization (EM) algorithm, and then the three parameter vectors can be estimated. By taking the difference between the normal flow data and the data for detection as Liu chaotic synchronization^s control measure, when it has intrusion signals, the wave plot would be oscillating, which is the feature of intrusion. When selecting the suitable threshold, the intrusion signals can be detected accurately. According to the simulations based on the DARPA datasets of MIT Lincoln lab and the comparisons with the intrusion detection system (IDS) based on autoregressive moving average (ARMA) model, the results show that the detective probabilities are higher and the false alarm rates are lower by using this proposed method.
出处
《上海交通大学学报》
EI
CAS
CSCD
北大核心
2009年第12期1874-1880,共7页
Journal of Shanghai Jiaotong University
基金
国家自然科学基金资助项目(60802058)
教育部留学回国人员科研启动基金资助项目
关键词
网络入侵检测
高斯混合模型
期望最大化算法
LIU混沌系统
混沌同步
network intrusion detection
Gaussian mixture model (GMM)
expectation maximization algorithm (EM)
Liu chaotic system
chaotic synchronization
