摘要
网络入侵检测是互联网安全领域研究的热点问题。传统的基于异常的入侵检测方法采用单一的检测模型对各类数据进行检测,导致漏报率高,且缺乏模型的动态更新机制,导致模型自适应差。针对上述问题,提出了一种具有自适应性的多级入侵检测模型ACIDM(Adaptive Cascaded Intrusion Detection Model)。ACIDM层级部署多个检测模型,各级模型之间通过检测反馈对模型进行动态更新和协同训练。实验证明,与单一检测模型相比,ACIDM检测器的多样性、层级性和自适应性,使得ACIDM在保证检测精度的同时能明显降低对入侵的漏报率,且这种优势在小样本情况下尤为显著。
The detection of network intrusion is a hot topic in the field of internet security. Traditional intrusion detection methods based on anomaly not only use a single detection model to detect all the data, but also lack dynamic update mechanism of the model, which lead to high false acceptance rate and poor adaptability of the model. In response to these problems, this paper proposes a multi layer intrusion detection model capable of adaptability: ACIDM(Adaptive Cascaded Intrusion Detection Model ). ACIDM deploys multiple detection models hierarchically and updates dynamically these models using feedback data. Experiments show that compared with single detection model, ACIDM detectors of diversity, hierarchy and adaptability enable ACIDM to reduce the false acceptance rate of intrusion obviously with high detection precision, and this advantage is especially significant in small sample situation.
出处
《计算机安全》
2013年第10期6-11,共6页
Network & Computer Security
基金
国家自然科学基金(No.61173159)
四川大学青年教师科研启动基金(No.2011SCU11086)
