Journal article

Implementation of a Real-Time Intrusion Detection System Framework Based on Conditional Random Fields (cited by: 1)

Real-Time Intrusion Detection System Framework Based on Conditional Random Fields
Abstract (translated from the Chinese): Intrusion detection systems (IDS) are now an important component of networks; all kinds of wireless and dedicated networks are equipped with detection systems. With the rapid development of network technology, intrusion detection has evolved from simple signature matching to anomaly-based and hybrid detection methods that make full use of contextual information. To identify intrusions correctly and effectively from the large volume of records in a network environment, an intrusion detection framework based on a cascaded (layered) conditional random field model is proposed. The framework trains a separate conditional random field model for each of four classes of attack and then performs intrusion recognition layer by layer, which improves the adaptability and portability of the intrusion detection system, lowers its false alarm rate and false detection rate, and recognizes various attacks with high accuracy. Experimental results show that the framework can identify attacks effectively in real time and trigger the response mechanism to handle them.

Abstract (authors' English version): Intrusion detection systems are now an essential component in all kinds of networks, including wireless ad hoc networks. With the rapid advancement in network technologies, the focus of intrusion detection has shifted from simple signature matching approaches to detecting attacks based on analyzing contextual information, as employed in anomaly-based and hybrid intrusion detection approaches. In order to correctly and effectively recognize hidden attack intrusions from a large volume of low-level system logs, a layered anomaly-based intrusion detection framework was proposed using conditional random fields to detect a wide variety of attacks. For four classes of attack the framework trains four different models separately, and then processes the data layer by layer to detect intrusion. Attacks could be identified and intrusion response could be initiated in real time with this framework, and the system adaptability and portability were improved, significantly reducing the system false alarm rate and false detection rate. Experiments show that the CRF model could detect attacks effectively.
Source: Journal of Naval Aeronautical and Astronautical University, 2011, No. 5, pp. 543-548 (6 pages)
Keywords: intrusion detection; conditional random fields (CRFs); machine learning; layered (cascaded) model (authors' English keyword: overlay model)