
Research on a Scheme for Training Snort Intrusion Detection Rules Using Bayesian Prediction and Back-Propagation Neural Networks

Research Scheme of Bayesian Model and BP Neural Network Improved the Snort Intrusion Detection System
Abstract: Among network security problems, distributed denial of service (DDoS) attacks seriously threaten the existing Internet. Neural-network-based defenses against DDoS attacks cannot be put into large-scale commercial use, because the existing algorithms converge poorly and filter DDoS attack packets too slowly. To address this problem, this paper proposes a scheme built on the Snort intrusion detection platform: captured network packets are normalized, a Bayesian model performs an initial separation of normal and abnormal data so that less redundant training data is fed into the neural network, and an improved back-propagation neural network then carries out preliminary training, with the data produced by training used to optimize the detection model and to generate defense rules automatically. Its advantages are: 1) partial improvements implemented on the Linux system increase the efficiency of the existing packet filtering, so that attacks can be rejected before they take effect at the target; 2) the Bayesian model reduces the input of duplicate and unnecessary data, and the improved neural network algorithm speeds up training convergence, which makes it easier to relearn and reformulate rules to guard against new attacks. Experiments show that the scheme improves, to a certain extent, the processing speed of the original neural-network-based DDoS protection, can also defend against some unknown DDoS attacks, further improves the convergence speed of the training algorithm, and can raise the performance of adaptive anti-DDoS software at the software level.

Among network security issues, distributed denial of service (DDoS) attacks are a serious threat to the existing Internet. Protection methods based on neural network algorithms have the disadvantage of poor convergence, which leads to a low filtering rate for packets carrying DDoS attacks. This paper proposes a solution to this problem based on the Snort intrusion detection system platform. After the captured network packets are regularized, the normal data and the abnormal data are roughly separated from each other with the help of Bayesian models, so that the redundant input of training data into the neural network is diminished. Once the figures are valid, the program pre-trains on the data using an improved back-propagation neural network in order to improve the detection model and create defensive rules automatically. The main advantages of this system are as follows: improvements made to the Linux system enhance the filtering efficiency for packets and allow attacks to be refused before they take effect at the target; the use of Bayesian models reduces repeated or unnecessary data input; and the improved neural network algorithm accelerates convergence, which makes the reconstruction and relearning of rules convenient and helps prevent new attacks. Experiments show that the program enhances the processing speed of defending against DDoS attacks compared with the previous neural-network-based defense, guards against unknown DDoS attacks, improves the convergence speed of the training algorithm, and enhances the performance of adaptive anti-DDoS software at the software level.
Source: Journal of Sichuan Normal University (Natural Science), CAS, CSCD, PKU Core, 2013, No. 6, pp. 963-969 (7 pages)
Funding: Supported by the National Natural Science Foundation of China (F020705) and the National Defense Basic Research Fund (B02720110004)
Keywords: distributed denial of service (DDoS) attack; Bayesian model (Bayes); back-propagation neural network; data training; intrusion detection system (IDS)