网络入侵检测系统中的漂移检测

doi:10.11959/j.issn.1000-0801.2015058

Abstract

Abstract:

The recent intrusion detection systems based on machine learning generally assume that the intrusion traffic always satisfies stationary of statistics.However,this assumption is not always held when adversaries arbitrarily alter the distribution of traffic data,or develop new attack techniques,which may reduce the detection rate.To overcome this adversarial drift,a novel drift detection approach based on weighted Rényi distance was suggested.The experiment on KDD Cup99 shows that the weighted Rényi distance is able to perfectly detect the adversarial drift,and improve the intrusion detection rate by retraining the model.

Key words: intrusion detection, attack traffic, adversarial drift, weighted Rényi distance

Yaguan Qian,Xiaohui Guan. Adversarial Drift Detection in Intrusion Detection System[J]. Telecommunications Science, 2015, 31(3): 67-73.

Figures/Tables 12

References 20

1	陆悠，李伟，罗军舟等. 一种基于选择性协同学习的网络用户异常行为检测方法. 计算机学报， 2014,37（1）:28～40 Lu Y , Li W , Luo J Z , et al. A network user's abnormal behavior detection approach based on selective collaborative learning. Chinese Journal of Computers, 2014,37（1）:28～40
2	张晓惠，林柏钢 . 基于特征选择和多分类支持向量机的异常检测. 通信学报， 2009,30（10A）:68～73 Zhang X H , Lin B G . Anomaly detection based on feature selection and multi-class support vector machines. Journal on Communications, 2009,30（10A）:68～73
3	李洋，方滨兴，郭莉等. 基于主动学习和 TCM-KNN 方法的有指导入侵检测技术. 计算机学报， 2007,30（8）:1464～1473 Li Y , Fang B X , Guo L et al. Supervised intrusion detection based on active learning and TCM-KNN algorithm. Chinese Journal of Computers, 2007,30（8）:1464～1473
4	Li Y , Li W , Wu G . An intrusion detection approach using SVM and multiple kernel method. International Journal of Advancements in Computing Technology, 2012,4（1）:463～469
5	Biggio B , Corona I , Nelson B et al. Security Evaluation of Support Vector Machines in Adversarial Environments. Berlin:Springer International Publishing, 2014
6	Damopoulos D , Menesidou S A , Kambourakis G et al. Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers. Security and Communication Networks, 2012,5（1）:3～14
7	Laskov P , Lippmann R . Machine learning in adversarial environments. Machine Learning, 2010,81（2）:115～119
8	Singh A , Walenstein A , Lakhotia A . Tracking concept drift in malware families. Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, Raleigh,USA, 2012:81～92
9	Kantchelian A , Afroz S , Huang L et al. Approaches to adversarial drift.Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security. 2013:99～110
10	Barreno M , Nelson B , Joseph A D , et al. The security of machine learning. Machine Learning, 2010,81（2）:121～148
11	Newsome J , Karp B , Song D . Paragraph:Thwarting Signature Learning by Training Maliciously. Berlin:Springer Berlin Heidelberg, 2006
12	Tsymbal A . The problem of concept drift:definitions and related work. Computer Science Department, Trinity College Dublin, 2004
13	Widmer G , Kubat M . Learning in the presence of concept drift and hidden contexts. Machine Learning, 1996,23（1）:69～101
14	Zliobaite I . Learning Under Concept Drift:an Overview. Technical Report,Vilnius University, 2009
15	Kelly M G , Hand D J , Adams N M . The impact of changing populations on classifier performance. Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Diego, 1999:367～371
16	Van Erven T , Harremo?s P . Rényi divergence and majorization.Proceedings of 2010 IEEE International Symposium on Information Theory（ISIT）. Austin,Texas,USA, 2010:1335～1339
17	Yu S , Zhou W , Doss R . Information theory based detection against network behavior mimicking DDoS attacks. Communications Letters, 2008,12（4）:318～321
18	Jaynes E T . Information theory and statistical mechanics. Physical Review, 1957,106（4）
19	Shannon C E . A mathematical theory of communication. The Bell System Technical Journal, 1948（27）:379～423,623～656
20	Hettich S , Bay S D . KDD cup 1999. , 2007

Metrics

Recommended 0

No Suggested Reading articles found!

DoS	数据集D1（flow数）	数据集D2（flow数）
apache2	/	794
Back	2 203	1 098
Land	21	9
Mailbomb	/	5 000
Neptune	107 201	58 001
Pod	264	87
Processtable	/	759
Smurf	280 790	164 091
Teardrop	979	12
Udpstorm	/	2

U2R	数据集D1（flow数）	数据集D2（flow数）
Buffer_overflow	30	22
Httptunnel	/	158
Loadmodule	9	2
Perl	3	2
Ps	/	16
Rootkit	10	13
Sqlattack	/	2
Xterm	/	13

Probe	数据集D1（flow数）	数据集D2（flow数）
Ipsweep	1 247	306
Mscan	/	1 053
Nmap	231	84
Portsweep	1 040	354
Saint	/	736
Satan	1 589	1 633

R2L	数据集D1（flow数）	数据集D2（flow数）
ftp_write	8	3
Guess_passwd	53	4 367
Imap	12	1

[1]	Jianwu ZHANG,Jiasen HUANG,Di ZHOU. Intrusion detection model based on fuzzy theory and association rules [J]. Telecommunications Science, 2019, 35(5): 59-69.
[2]	Shigen SHEN,Sheng FENG,Haiping ZHOU,Longjun HUANG,Keli HU,Qiying CAO. Optimal approach of suppressing WSN malware propagation based on cloud computing and dynamic Bayesian game [J]. Telecommunications Science, 2018, 34(9): 78-86.
[3]	Chunqin ZANG,Lichun XIE. Network intrusion detection method based on improved FCM and rule parameter optimization in cloud environment [J]. Telecommunications Science, 2018, 34(1): 72-79.
[4]	Tingting LU,Xu HAN. Fuzzy intrusion detection system for MANET packet dropping attack [J]. Telecommunications Science, 2016, 32(10): 124-129.
[5]	Han Qiu,Julong Lan,Yangfeng Ou,Chuanhao Zhang,Yanhong Wang. Broadcasting Bidirectional Access Network Intrusion Detection System Facing Tri-Networks Integration [J]. Telecommunications Science, 2015, 31(6): 32-38.
[6]	Xiaohui Guan,Yaguan Qian. A Network Traffic Classification Method for Class-Imbalanced Data [J]. Telecommunications Science, 2015, 31(6): 79-85.
[7]	Dongliang Xu,Hongli Zhang,Lei Zhang,Chongchong Yao. Study on Pattern Matching in Network Security [J]. Telecommunications Science, 2015, 31(3): 115-123.
[8]	Qian Yaguan and Guan Xiaohui. Adversarial Drift Detection in Intrusion Detection System [J]. Telecommunications Science, 2015, 31(3): 2015058-.
[9]	Xu dongliang,Zhang Hongli,Zhang Lei and Yao Chongchong. Study on Pattern Matching in Network Security [J]. Telecommunications Science, 2015, 31(3): 2015068-.
[10]	Wang Xianglin,Zhu Chen,Sun Dongmei,Li Mingyue and Shen Qingzi. Research of Neighbor Discovery Security in IPv6 Network Protocol [J]. Telecommunications Science, 2013, 29(7): 43-48.
[11]	Xianglin Wang,Chen Zhu,Dongmei Sun,Mingyue Li,Qingzi Shen. Research of Fragment Mechanism Security in IPv6 Network Protocol [J]. Telecommunications Science, 2013, 29(10): 108-113.

Adversarial Drift Detection in Intrusion Detection System

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 20

Related Articles 11

Metrics

Recommended 0