
Masquerade Intrusion Detection Based on Network Flow Statistical Data (cited by: 4)
Abstract: Masquerade intrusion is an attack in which an unauthorized user poses as a legitimate user to enter a system, access critical data, or perform illegal operations. Most existing masquerade intrusion detection methods model user characteristics by collecting users' sensitive data. To address this problem, this paper proposes a masquerade intrusion detection method based on network flow statistical data: it uses network flow statistics as the user features and combines AdaBoost with the Support Vector Machine (SVM) to train on and predict from those features. Experiments on a real packet-capture data set show that the method effectively resists masquerade intrusion without violating user privacy, with a system detection rate of 97.5%, a false positive rate of 1.1%, and a detection delay of only milliseconds, which shows that its detection performance is better than that of existing masquerade intrusion detection methods.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2014, Issue 7, pp. 78-81 (4 pages)
Funding: Open Project Fund of the Key Laboratory of Information Network Security, Ministry of Public Security (C12612)
Keywords: masquerade intrusion; Support Vector Machine (SVM); network flow; machine learning; classifier; privacy protection

