动态自学习的高效入侵检测模型研究

doi:1000-436X(2007)12-0033-06

通信学报 ›› 2007, Vol. 28 ›› Issue (12): 33-38.doi: 1000-436X(2007)12-0033-06

动态自学习的高效入侵检测模型研究

杨武¹,张冰²,周渊²,王巍¹

¹ 哈尔滨工程大学信息安全研究中心，黑龙江哈尔滨 150001
² 国家计算机网络应急技术处理协调中心，北京 100029

出版日期:2007-12-25 发布日期:2017-06-15
基金资助:
：国家重点基础研究发展计划（“973”计划）基金资助项目;国家242信息安全计划

Research on a dynamic self-learning efficient intrusion detection model

Wu YANG¹,Bing ZHANG²,Yuan ZHOU²,Wei WANG¹

¹ Information Security Research Center,Harbin Engineering University,Harbin 150001,China
² National Computer Network Emergency Response Technical Team/Coordination Center of China,Beijing 100029,China

Online:2007-12-25 Published:2017-06-15
Supported by:
The National Basic Research Program of China (973 Program);The National 242 Information Security Research Program of China

摘要/Abstract

摘要：

提出了一种基于归纳推理的动态自学习的高效入侵检测模型。将归纳推理方法应用到入侵检测中，提出了适用于入侵检测的增量学习推理算法。通过该算法建立的入侵检测模型能够对不断出现的新的网络行为数据进行自学习，并动态修正模型的行为轮廓，从而克服了传统静态检测模型必须完全重新学习才能更新模型甚至无法重新学习的缺陷，同时较大地提高了入侵检测模型的学习效率和检测效率。

关键词: 网络安全, 入侵检测, 异常检测, 归纳推理, 自学习算法

Abstract:

A dynamic self-learning efficient intrusion detection model was proposed based on inductive reasoning.Applying the method of inductive reasoning into intrusion detection,an incremental inductive reasoning algorithm for intrusion detection was proposed.This model produced by this algorithm can make self-learning over the ever-emerged new network behavior examples and dynamically modify behavior profile of the model,which overcomes the disadva-ntage that the traditional static detecting model must relearn over all the old and new examples,even can not relearn because of limited memory size.And at the same time,the learning efficiency and detecting efficiency of intrusion detection model are improved greatly.

Key words: network security, intrusion detection, anomaly detection, inductive reasoning, self-learning algorithm

杨武,张冰,周渊,王巍. 动态自学习的高效入侵检测模型研究[J]. 通信学报, 2007, 28(12): 33-38.

Wu YANG,Bing ZHANG,Yuan ZHOU,Wei WANG. Research on a dynamic self-learning efficient intrusion detection model[J]. Journal on Communications, 2007, 28(12): 33-38.

图/表 7

图1

图2

图3

图4

表1

图5

图6

参考文献 7

[1]	ILLGU N,KEMMERER , PORRAS P A . State transition analysis:a rule-based intrusion detection approach[J]. IEEE Transaction on Software Engineering, 1995,21(3): 181-199.
[2]	SEQUEIRA K , ZAKI M . ADMIT:anomaly-based data mining for intrusions[A]. Proceedings of the 8thACM SIGKDD International Conference on Knowledge Discovery and Data Mining[C]. Edmonton,Alberta,Canada, 2002. 386-395.
[3]	ANDERSON J P , et al. Detecting unusual program behavior using the statistical components of NIDES[EB/OL]. , 1995.
[4]	DEBAR H , BECKER M , SIBONI D . A neural network component for an intrusion detection system[A]. Proceedings of the 1992 IEEE Symposium on Security and Privacy [C]. Oakland, 1992. 240-251.
[5]	TAYLOR C , FOSS J A . NATE:network analysis of anomalous traffic events,a low-cost approach[A]. Proceedings of the New Security Paradigms Workshop[C]. Clounderoft,New Mexico, 2002.
[6]	DOMINGOS P , HULTEN G . Mining high-speed data streams[A]. Proceedings of the sixth ACM SIGKDD International Conference on knowledge Discovery and Data Mining[C]. Boston,Massachusetts,United States, 2000. 71-80.
[7]	MARON O , MOORE A . Hoeffding races:accelerating model selection search for classification and function approximation[A]. Advances in Neural Information Processing Systems[C]. Morgan Kaufmann,San Mateo,CA, 1994. 59-66.

	VFDT	EIRLAID	C4.5Rules	RIPPER
检测率/%	74.2	76.5	76.3	77

[1]	赵仕祺, 黄小红, 钟志港. 基于信誉的域间路由选择机制的研究与实现[J]. 通信学报, 2023, 44(6): 47-56.
[2]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[3]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[4]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[5]	霍纬纲, 梁锐, 李永华. 基于随机Transformer的多维时间序列异常检测模型[J]. 通信学报, 2023, 44(2): 94-103.
[6]	康海燕, 龙墨澜. 基于吸收马尔可夫链攻击图的网络攻击分析方法研究[J]. 通信学报, 2023, 44(2): 122-135.
[7]	郭渊博, 李勇飞, 陈庆礼, 方晨, 胡阳阳. 融合Focal Loss的网络威胁情报实体抽取[J]. 通信学报, 2022, 43(7): 85-92.
[8]	廖建新, 付霄元, 戚琦, 王敬宇, 孙海峰. 6G-ADM：基于知识空间的6G网络管控体系[J]. 通信学报, 2022, 43(6): 3-15.
[9]	段雪源, 付钰, 王坤. 基于VAE-WGAN的多维时间序列异常检测方法[J]. 通信学报, 2022, 43(3): 1-13.
[10]	吴平, 常朝稳, 左志斌, 马莹莹. 基于地址重载的SDN分组转发验证[J]. 通信学报, 2022, 43(3): 88-100.
[11]	孙海丽, 龙翔, 韩兰胜, 黄炎, 李清波. 工业物联网异常检测技术综述[J]. 通信学报, 2022, 43(3): 196-210.
[12]	陈卓, 朱淼, 杜军威. 基于多视角图神经网络的欺诈检测算法[J]. 通信学报, 2022, 43(11): 225-232.
[13]	王一丰, 郭渊博, 陈庆礼, 方晨, 林韧昊. 基于对比学习的细粒度未知恶意流量分类方法[J]. 通信学报, 2022, 43(10): 12-25.
[14]	段雪源, 付钰, 王坤, 刘涛涛, 李彬. 基于多尺度特征的网络流量异常检测方法[J]. 通信学报, 2022, 43(10): 65-76.
[15]	张红斌, 尹彦, 赵冬梅, 刘滨. 基于威胁情报的网络安全态势感知模型[J]. 通信学报, 2021, 42(6): 182-194.

动态自学习的高效入侵检测模型研究

Research on a dynamic self-learning efficient intrusion detection model

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 7

相关文章 15

Metrics

推荐阅读 0