基于目标预判的网络入侵检测频率自调整算法

doi:10.11772/j.issn.1001-9081.2016.09.2438

计算机应用 ›› 2016, Vol. 36 ›› Issue (9): 2438-2441.DOI: 10.11772/j.issn.1001-9081.2016.09.2438

基于目标预判的网络入侵检测频率自调整算法

杨忠明¹, 梁本来², 秦勇³, 蔡昭权⁴

1. 广东科学技术职业学院计算机工程技术学院, 广东珠海 519090;
2. 中山职业技术学院信息工程学院, 广东中山 528404;
3. 东莞理工大学计算机学院, 广东东莞 523808;
4. 惠州学院教育技术中心, 广东惠州 516007

收稿日期:2016-02-22 修回日期:2016-04-29 出版日期:2016-09-10 发布日期:2016-09-08
通讯作者: 杨忠明
作者简介:杨忠明(1980-),男,广东茂名人,副教授,硕士,CCF会员,主要研究方向:信息安全、智能算法;梁本来(1983-),男,山东济宁人,讲师,硕士,主要研究方向:信息安全、网络路由;秦勇(1970-),男,湖南邵阳人,教授,博士,主要研究方向:网络并行路由优化;蔡昭权(1970-),男,广东陆丰人,教授,硕士,CCF会员,主要研究方向:计算机网络。
基金资助:
国家自然科学基金资助项目（61170193）；广东省工业高新技术领域科技计划项目（2013B010401036）；广东省高等学校优秀青年教师培养计划项目（YQ2014187）；广东省自然科学基金资助项目（s2013010013432）；广东省教育厅科技创新项目（2013KJCX0178）。

Frequency self-adjusting algorithm for network instruction detection based on target prediction

YANG Zhongming¹, LIANG Benlai², QIN Yong³, CAI Zhaoquan⁴

1. College of Computer Engineering Technical, Guangdong Institute of Science and Technology, Zhuhai Guangdong 519090, China;
2. College of Information Engineering, Zhongshan Polytechnic, Zhongshan Guangdong 528404, China;
3. College of Computer Science, Dongguan University of Technology, Dongguan, Guangdong 523808, China;
4. Information Technology Center, Huizhou University, Huizhou Guangdong 516007, China

Received:2016-02-22 Revised:2016-04-29 Online:2016-09-10 Published:2016-09-08
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61170193), the Science and Technology Project in the Field of Industrial High and New Technology of Guangdong Province (2013B010401036), the Training Program for Outstanding Young Teachers in Guangdong Province (YQ2014187), and the Natural Science Foundation of Guangdong Province (S2013010013432).

摘要/Abstract

摘要： 在集群环境中，入侵者攻击特定目标是提高攻击效率一种常规手段，有针对性地调度计算资源可有效提高检测效率。提出一种基于攻击目标预判的网络入侵检测系统（NIDS）的检测频率自调整算法DFSATP，检测分析采集到的数据，将发往潜在被攻击目标范围的数据列为高危数据，其余数据为低危数据，指引网络入侵检测系统高频检测发往预测目标的高危数据包，低频检测低危数据包，从而提高NIDS的检测效率，保障在有限的计算资源情况下提高异常数据的检出率。模拟实验结果表明，在高速网络环境下，DFSATP对NIDS检测频率的调整，使得异常数据的检出率得到了一定程度的提升。

关键词: 入侵检测, 检测频率, 攻击目标预判, 检出率, 高危数据, 低危数据

Abstract: In cluster, it is a conventional method to increase attack efficiency for intruder by attacking the specific target, so it is effective to improve the detection efficiency by scheduling the computing resource contrapuntally. A frequency self-adjusting algorithm for Network Intrusion Detection System (NIDS) based on target prediction, named DFSATP, was proposed. By detecting and analyzing the collected data packets, the data packets sent to potentially attacked targets were marked as high risk data and the other packets were marked as low risk data. The efficiency of NIDS was improved by high frequency detection of high risk data packets and low frequency detection of low risk packets, thus the detection rate of abnormal data was also increased to some extent in limited computing resource circumstances. The simulation results show that the detection rate of abnormal data packets is increased because of the detection frequency adjustment of NIDS by using DFSATP.

Key words: intrusion detection, detection frequency, target pre-detection, detection rate, high risk data, low risk data

中图分类号:

TP393

杨忠明, 梁本来, 秦勇, 蔡昭权. 基于目标预判的网络入侵检测频率自调整算法[J]. 计算机应用, 2016, 36(9): 2438-2441.

YANG Zhongming, LIANG Benlai, QIN Yong, CAI Zhaoquan. Frequency self-adjusting algorithm for network instruction detection based on target prediction[J]. Journal of Computer Applications, 2016, 36(9): 2438-2441.

参考文献

[1] 杨雅辉,黄海珍,沈晴霓,等.基于增量式GHSOM神经网络模型的入侵检测研究[J].计算机学报, 2014, 37(5): 1216-1224.(YANG Y H, HUANG H Z, SHEN Q N, et al. Research on intrusion detection based on incremental GHSOM [J]. Chinese Journal of Computers, 2014, 37(5): 1216-1224.)
[2] SCHAELICKE L, WHEELER K, FREELAND C. SPANIDS: a scalable network intrusion detection load balancer [C] //CF '05: Proceedings of the 2nd Conference on Computing Frontiers. New York: ACM, 2005:315- 322.
[3] 史志才,夏永祥.高速网络环境下的入侵检测技术研究综述[J].计算机应用研究,2010,27(5):1606-1610.(SHI Z C, XIA Y X. Survey on intrusion detection techniques for high-speed networks [J]. Application Research of Computers, 2010, 27(5): 1606-1610.)
[4] IHEAGWARA C, BLYTH A, SINGHAL M. A comparative experimental evaluation study of intrusion detection system performance in a gigabit environment [J]. Journal of Computer Security, 2003, 11(1): 1-33.
[5] 唐谦,张大方.入侵检测中模式匹配算法的性能分析[J].计算机工程与应用, 2005, 41(17): 136-138.(TANG Q, ZHANG D F. Performance analysis of pattern matching algorithms for intrusion detection [J]. Computer Engineering and Applications, 2005, 41(17): 136-138.)
[6] PATCHA A, PARK J M. An overview of anomaly detection techniques: existing solutions and latest technological trends [J]. Computer Networks, 2007, 51(12): 3448-3470.
[7] CHAWLA N V, BOWYER K W, HALL L O, et al. SMOTE: synthetic minority over-sampling technique [J]. Journal of Artificial Intelligence Research, 2002, 16(1): 321-357.
[8] 林舒杨,李翠华,江弋,等.不平衡数据的降采样方法研究[J].计算机研究与发展,2011,48(Suppl.):47-53.(LIN S Y, LI C H, JIANG Y, et al. Under-sampling method research in class-imbalanced data [J]. Journal of Computer Research and Development, 2011, 48(Suppl.): 47-53.)
[9] DAS A, NGUYEN D, ZAMBRENO J, et al. An FPGA-based network intrusion detection architecture [J]. IEEE Transactions on Information Forensics and Security, 2008, 3(1): 118-132.
[10] 谷凤娜,张志斌,王丽宏.基于分布式入侵检测系统的负载均衡算法的比较[J].计算机科学,2008,35(11):63-73.(GU F N, ZHANG Z B, WANG L H. Comparison among load balancing algorithms based on distributed NIDS [J]. Computer Science, 2008, 35(11): 63-66.)
[11] 曾茂林,文志诚,杨润,等.一种提高网络入侵检测系统检测率的方法[J].湖南工业大学学报,2011,25(2):62-66.(ZENG M L, WEN Z H, YANG R, et al. A method to improve the accuracy of network intrusion detection system [J]. Journal of Hunan University of Technology, 2011, 25(2): 62-66.)
[12] 傅蓉蓉,郑康锋,芦天亮,等.基于危险理论的无线传感器网络入侵检测模型[J].通信学报,2012,33(9):31-37.(FU R R, ZHENG K F, LU T L, et al. Danger theory inspired intrusion detection model for wireless sensor networks[J]. Journal on Communications, 2012, 33(9): 31-37.)
[13] 张文兴,樊捷杰.基于KKT和超球结构的增量SVM算法的云架构入侵检测系统[J].计算机应用,2015,35(10):2886-2890.(ZHANG W X, FAN J J. Cloud architecture intrusion detection system based on KKT condition and hyper-sphere incremental SVM algorithm[J]. Journal of Computer Applications, 2015, 35(10): 2886-2890.)
[14] 程建,张明清,刘小虎,等.基于人工免疫的分布式入侵检测模型[J].计算机应用,2014,34(1):86-89.(CHENG J, ZHANG M Q, LIU X H, et al. Distributed intrusion detection model based on artificial immune[J]. Journal of Computer Applications, 2014,34(1):86-89.)

[1]	张师鹏, 李永忠, 杜祥通. 基于半监督学习和三支决策的入侵检测模型[J]. 计算机应用, 2021, 41(9): 2602-2608.
[2]	王月, 江逸茗, 兰巨龙. 基于改进三元组网络和K近邻算法的入侵检测[J]. 计算机应用, 2021, 41(7): 1996-2002.
[3]	王垚, 孙国梓. 基于聚类和实例硬度的入侵检测过采样方法[J]. 计算机应用, 2021, 41(6): 1709-1714.
[4]	张全龙, 王怀彬. 基于膨胀卷积和门控循环单元组合的入侵检测模型[J]. 计算机应用, 2021, 41(5): 1372-1377.
[5]	任晓奎, 刘鹏飞, 陶志勇, 刘影, 白立春. 基于单快拍信号到达角估计算法的室内入侵检测[J]. 计算机应用, 2021, 41(4): 1153-1159.
[6]	程小辉, 牛童, 汪彦君. 基于序列模型的无线传感网入侵检测系统[J]. 计算机应用, 2020, 40(6): 1680-1684.
[7]	欧彬利, 钟夏汝, 代建华, 杨田. 基于变精度覆盖粗糙集的入侵检测方法[J]. 计算机应用, 2020, 40(12): 3465-3470.
[8]	李中伟, 谭凯, 关亚东, 姜文淇, 叶麟. 车载CAN总线脱离攻击及其入侵检测算法[J]. 计算机应用, 2020, 40(11): 3224-3228.
[9]	池亚平, 莫崇维, 杨垠坦, 陈纯霞. 面向软件定义网络架构的入侵检测模型设计与实现[J]. 计算机应用, 2020, 40(1): 116-122.
[10]	杨宏宇, 王峰岩. 基于改进卷积神经网络的网络入侵检测模型[J]. 计算机应用, 2019, 39(9): 2604-2610.
[11]	曹卫东, 许志香. 高效的半监督多层次入侵检测算法[J]. 计算机应用, 2019, 39(7): 1979-1984.
[12]	潘建国, 李豪. 基于实用拜占庭容错的物联网入侵检测方法[J]. 计算机应用, 2019, 39(6): 1742-1746.
[13]	郭旭东, 李小敏, 敬如雪, 高玉琢. 基于改进的稀疏去噪自编码器的入侵检测[J]. 计算机应用, 2019, 39(3): 769-773.
[14]	胡健, 苏永东, 黄文载, 肖鹏, 刘玉婷, 杨本富. 基于互信息加权集成迁移学习的入侵检测方法[J]. 计算机应用, 2019, 39(11): 3310-3315.
[15]	沈学利, 覃淑娟. 基于SMOTE和深度信念网络的异常检测[J]. 计算机应用, 2018, 38(7): 1941-1945.

基于目标预判的网络入侵检测频率自调整算法

Frequency self-adjusting algorithm for network instruction detection based on target prediction

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics