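Abstract
This paper analyzes the problems of current intrusion detection and proposes a payload-based anomaly intrusion detection technique. The technique selects the bit distribution of the network packet payload as the system feature and uses the Mahalanobis distance from statistics as the algorithm for distinguishing legitimate access from illegal intrusion, which lowers the false positive rate and improves detection accuracy. Experimental results show that the technique is effective, has some ability to identify unknown intrusions, and can achieve real-time, efficient anomaly intrusion detection.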
A new payload-based anomaly intrusion detection method is proposed to address the problems of anomaly detection. The method selects the network payload as the system feature and uses the Mahalanobis distance as the algorithm to detect new intrusions. Experiments show that the method is valid. It can detect new intrusions and works well in real time.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal (北大核心)
2009, Issue 23, pp. 5348-5351 (4 pages)
Keywords
intrusion detection
anomaly detection
payload
Mahalanobis distance
false positive rate