Funding: The National Key Technology R&D Program during the 12th Five-Year Plan Period (No. 2013BAK01B02); the National Natural Science Foundation of China (No. 61373176); the Scientific Research Projects of Shaanxi Educational Committee (No. 14JK1693).
Abstract: This paper focuses on the intrusion classification of huge amounts of data in a network intrusion detection system. An intrusion detection model based on deep belief nets (DBN) is proposed to conduct intrusion detection, and the principles regarding DBN are discussed. The DBN is composed of multiple unsupervised restricted Boltzmann machines (RBMs) and a supervised back propagation (BP) network. First, the DBN in the proposed model is pre-trained in a fast and greedy way, and each RBM is trained by the contrastive divergence algorithm. Secondly, the whole network is fine-tuned by the supervised BP algorithm, which is employed for classifying the low-dimensional features of the intrusion data generated by the last RBM layer simultaneously. The experimental results on the KDD CUP 1999 dataset demonstrate that the DBN using the RBM network with three or more layers outperforms the self-organizing maps (SOM) and neural network (NN) in intrusion classification. Therefore, the DBN is an efficient approach for intrusion detection in high-dimensional space.
Abstract: Association rules are useful for determining correlations between items. Applying association rules to an intrusion detection system (IDS) can improve the detection rate, but the false positive rate is also increased. Weighted association rules are used in this paper to mine intrusion models, which can increase the detection rate and decrease the false positive rate to some extent. Based on this, the structure of a host-based IDS using weighted association rules is proposed.
Funding: Project supported by the National Natural Science Foundation of China (Grant No. 60932003), the National High Technology Development 863 Program of China (Grant No. 2007AA01Z452, No. 2009AA01Z118), the Shanghai Municipal Natural Science Foundation (Grant No. 09ZRI414900), and the National Undergraduate Innovative Test Program (091024812).
Abstract: Wireless Mesh Networks are vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of a centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. We then construct the Finite State Machine (FSM) by manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Machine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.
Funding: This work was partially supported by the National Natural Science Foundation of China under Grants No. 61272451, No. 61103220, No. 61173154, No. 61173175, and the National Critical Patented Projects in the next generation broadband wireless mobile communication network under Grant No. 2010ZX03006-001-01.
Abstract: Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnormal behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete information game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the performance of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.
Funding: Supported by the National Natural Science Foundation of China (No. 60671049, 61172168) and Graduate Innovation Project of Heilongjiang (No. YJSCX2011-034HLI).
Abstract: The real-valued self set in an immunity-based network intrusion detection system (INIDS) has some defects, multi-area and overlapping, which were ignored before. The detectors generated by this kind of self set may have the problem of boundary holes between self and nonself regions, and the generation efficiency is low, so the self set needs to be optimized before the generation stage. This paper proposes a self set optimization algorithm which uses the modified clustering algorithm and Gaussian distribution theory. The clustering deals with multi-area and the Gaussian distribution deals with the overlapping. The algorithm was tested by Iris data and real network data, and the results show that the optimized self set can solve the problem of boundary holes, increase the efficiency of detector generation effectively, and improve the system's detection rate.
Abstract: The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power systems was proposed in this study, which protected data and facilities from being attacked by outside users by means of a firewall, a security monitor and a control system. The firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while the security control system provided authentication, authorization, data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.
Funding: Supported in part by the National Natural Science Foundation of China (No. 60272046, No. 60102011), National High Technology Project of China (No. 2002AA143010), Natural Science Foundation of Jiangsu Province (No. BK2001042), and the Foundation for Excellent Doctoral Dissertation of Southeast University (No. YBJJ0412).
Abstract: Several data mining techniques such as Hidden Markov Model (HMM), artificial neural network, statistical techniques and expert systems are used to model network packets in the field of intrusion detection. In this paper a novel intrusion detection model based on understandable Neural Network Tree (NNTree) is presented. NNTree is a modular neural network with the overall structure being a Decision Tree (DT), and each non-terminal node being an Expert Neural Network (ENN). One crucial advantage of using NNTrees is that they keep the non-symbolic model ENN’s capability of learning in changing environments. Another potential advantage of using NNTrees is that they are actually “gray boxes” as they can be interpreted easily if the number of inputs for each ENN is limited. We showed through experiments that the trained NNTree achieved a simple ENN at each non-terminal node as well as a satisfying recognition rate of the network packets dataset. We also compared the performance with that of a three-layer backpropagation neural network. Experimental results indicated that the NNTree based intrusion detection model achieved better performance than the neural network based intrusion detection model.
Funding: Project (No. 60073034) supported by the National Natural Science Foundation of China.
Abstract: This paper briefly reviews other people’s works on the negative selection algorithm and their shortcomings. With a view to the real problem to be solved, the authors bring forward two assumptions, based on which a new immune algorithm, the multi-level negative selection algorithm, is developed. In essence, compared with Forrest’s negative selection algorithm, it enhances detector generation efficiency. This algorithm integrates the clonal selection process into the negative selection process for the first time. After careful analyses, this algorithm was applied to network intrusion detection and achieved good results.
Funding: National Natural Science Foundation of China (No. 61163009).
Abstract: Wireless sensor networks are extremely vulnerable to various security threats. The intrusion detection method based on game theory can effectively balance the detection rate and energy consumption of the system. The accurate analysis of the attack behavior of malicious sensor nodes can help to configure the intrusion detection system, reduce unnecessary system consumption and improve detection efficiency. However, the completely rational assumption of the traditional game model will cause the established model to be inconsistent with the actual attack and defense scenario. In order to formulate a reasonable and effective intrusion detection strategy, we introduce evolutionary game theory to establish an attack evolution game model based on optimal response dynamics, and then analyze the attack behavior of malicious sensor nodes. Theoretical analysis and simulation results show that the evolution trend of attacks is closely related to the number of malicious sensors in the network and the initial state of the strategy, and the attacker can set the initial strategy so that all malicious sensor nodes will eventually launch attacks. Our work is of great significance to guide the development of defense strategies for intrusion detection systems.
Funding: Supported by the National Natural Science Foundation of China (No. 61070185, 61003261) and the Knowledge Innovation Program of the Chinese Academy of Sciences (No. XDA06030200).
Abstract: Increasing time spent online has amplified users' exposure to the threat of information leakage. Although existing security systems (such as firewalls and intrusion detection systems) can satisfy most of the security requirements of network administrators, they are not suitable for detecting the activities of applying the HTTP-tunnel technique to steal users' private information. This paper focuses on a network behavior-based method to address the limitations of the existing protection systems. At first, it analyzes the normal network behavior pattern over HTTP traffic and selects four features. Then, it presents an anomaly-based detection model that applies a hierarchical clustering technique and a scoring mechanism. It also uses real-world data to validate that the selected features are useful. The experiments have demonstrated that the model could achieve over 93% hit-rate with only about 3% false-positive rate. It is regarded confidently that the approach is a complementary technique to the existing security systems.
Funding: Supported by the National High-Tech Research and Development Plan of China (863) (No. 2003AA142160).
Abstract: A personalized trust management scheme is proposed to help peers build up trust between each other in open and flat P2P communities. This scheme totally abandons the attempt to achieve a global view. It evaluates trust from a subjective point of view and gives personalized decision support to each peer. Simulation experiments prove its three advantages: free of central control, stronger immunity to misleading recommendations, and limited traffic overload.
Abstract: In this paper, we conduct research on the network intrusion detection system based on the modified particle swarm optimization algorithm. Computer interconnection ability put forward the higher requirements for the system reliability design, the need to ensure that the system can support various communication protocols to guarantee the reliability and security of the network. At the same time also require network system, the server or products have strong ability of fault tolerance and redundancy, better meet the needs of users, to ensure the safety of the information data and the good operation of the network system. For this target, we propose the novel paradigm for the enhancement of the modern computer network that is innovative.
Abstract: Because current intrusion detection systems cannot detect undefined intrusion behavior effectively, according to the robustness and adaptability of the genetic algorithms, this paper integrates the genetic algorithms into an intrusion detection system, and a detection algorithm based on network traffic is proposed. This algorithm is a real-time and self-study algorithm and can detect undefined intrusion behaviors effectively.
Abstract: This paper introduces the cost-sensitive feature weighting strategy and its application in intrusion detection. Cost factors and cost matrix are proposed to demonstrate the misclassification cost for IDS. How to get the whole minimal risk is mainly discussed in this paper in detail. From experiments, it shows that although decision cost based weight learning exists somewhat attack misclassification, it can achieve relatively low misclassification costs on the basis of keeping relatively high rate of recognition precision. Key words: decision cost; feature weighting; intrusion detection. CLC number: TP 393.08. Foundation item: Supported by the National Natural Science Foundation Key Research Plan of China (90104030) and “20 Century Education Development Plan”. Biography: QIAN Quan (1972-), male, Ph.D., research direction: computer network, network security and artificial intelligence.
Funding: Supported by the Tianjin Natural Science Fund (003700211) and 863 High Technology Plan (2002AA142010).
Abstract: A set of discrete points obtained from audit records on a behavior session is processed with Fourier transform. The criterion of selecting Fourier transform coefficients is introduced, and is used to find a unified value from the set of coefficients. This unified value is compared with a threshold to determine whether the session is abnormal. Finally, simple test results are reported.