Abstract
A network intrusion detection system (IDS) is a system placed on relatively important network segments or hosts that continuously monitors transmitted data packets and system audit logs, and intelligently analyzes them to identify targeted attacks; it is one of the current hot topics in network security research. This paper incorporates machine learning (ML) techniques into IDS detection, which not only builds feature profiles of known attacks but also detects their variants and unknown attacks, extending intrusion detection technology. Using data captured by Sniffer as the base data packets, an IDS based on an improved support vector machine (SVM) kernel function technique is designed and implemented. Comparison of experimental data demonstrates the system's effectiveness in log analysis and network sniffing, as well as its efficiency in terms of time complexity and other aspects.
Source
《计算机技术与发展》 (Computer Technology and Development)
2015, Issue 6, pp. 114-118 (5 pages)
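Funding
National Natural Science Foundation of China (51475065, U1433124)
Liaoning Province Excellent Talents Support Program (LJQ2013049)
Open Fund of the Jiangsu Provincial Key Laboratory of Computer Information Processing Technology (KJS1326)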