ISSN 1000-1239 CN 11-1777/TP

• Paper •

### Online Adaptive Network Anomaly Detection System: Model and Algorithm

1 School of Software, Beijing Jiaotong University, Beijing 100044; 2 School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044 (weixt@bjtu.edu.cn)
• Publication date: 2010-03-15

### An Online Adaptive Network Anomaly Detection System-Model and Algorithm

Wei Xiaotao1, Huang Houkuan2, and Tian Shengfeng2

1 School of Software, Beijing Jiaotong University, Beijing 100044; 2 School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044
• Online: 2010-03-15

Abstract: The extensive use of the Internet and computer networks makes security a critical issue, and there is an urgent need for network intrusion detection systems that can actively defend networks against growing security threats. In this paper, a lightweight online adaptive network anomaly detection system model is presented, together with the related influence-function-based anomaly detection algorithm. The system processes network traffic data streams in real time, gradually builds up its local normal pattern base and intrusion pattern base with little supervision from the administrator, and dynamically updates the contents of the knowledge base as the network's application patterns change. In checking mode, the system can detect not only the learned intrusion patterns but also unseen intrusion patterns. The model has a relatively simple architecture, which makes it efficient for processing online network traffic data, and the detection algorithm takes little computational time and memory space. The system is tested on the DARPA KDD 99 intrusion detection datasets. It scans 10% of the training dataset and the testing dataset only once, and within 40 seconds it finishes the whole learning and checking task. The experimental results show that the presented model achieves a detection rate of 91.32% and a false positive rate of only 0.43%. It is also capable of detecting new types of intrusion.
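The two-pattern-base, influence-function design described in the abstract, as an added illustration (not the paper's code): the paper's actual influence function, feature set and update rules are not given on this page, so a Gaussian influence over normalised feature vectors, a fixed coverage threshold and a bounded, oldest-evicted normal base are assumed here. Records are constructed sample vectors, not KDD 99 data.

```python
import math
from collections import deque


class InfluenceDetector:
    """Online anomaly detector with a local normal pattern base and an intrusion pattern base.

    Assumed influence function: Gaussian kernel, so one exact match contributes 1.0.
    Feature vectors are assumed normalised to [0, 1] (constructed for this example).
    """

    def __init__(self, sigma=0.2, threshold=0.3, max_patterns=500):
        self.two_sigma_sq = 2 * sigma ** 2        # width of the influence function
        self.threshold = threshold                # influence needed to be "covered" by a base
        self.normal = deque(maxlen=max_patterns)  # local normal pattern base; oldest evicted
        self.intrusion = deque(maxlen=max_patterns)

    def influence(self, x, base):
        """Total influence of all stored patterns on x; near patterns dominate."""
        return sum(math.exp(-sum((a - b) ** 2 for a, b in zip(x, p)) / self.two_sigma_sq)
                   for p in base)

    def learn(self, x, label):
        """Learning mode: the administrator labels a record 'normal' or 'intrusion'."""
        (self.intrusion if label == "intrusion" else self.normal).append(tuple(x))

    def check(self, x, adapt=True):
        """Checking mode: classify one record in a single pass over the stream."""
        f_normal = self.influence(x, self.normal)
        f_intr = self.influence(x, self.intrusion)
        if f_intr >= self.threshold and f_intr > f_normal:
            return "known_intrusion"              # matches a learned intrusion pattern
        if f_normal >= self.threshold:
            if adapt:
                self.normal.append(tuple(x))      # track drifting application patterns
            return "normal"
        return "unknown_anomaly"                  # covered by neither base: unseen pattern


def demo():
    """Constructed records: (normalised duration, bytes sent, connection count)."""
    det = InfluenceDetector()
    for rec in [(0.1, 0.2, 0.1), (0.12, 0.22, 0.1), (0.1, 0.25, 0.12)]:
        det.learn(rec, "normal")
    det.learn((0.0, 0.0, 0.9), "intrusion")     # constructed flood-like pattern
    stream = [(0.11, 0.21, 0.1), (0.0, 0.05, 0.92), (0.9, 0.9, 0.9)]
    return [det.check(r) for r in stream]


if __name__ == "__main__":
    print(demo())
```

An "unknown_anomaly" verdict is the point where the administrator's light supervision comes in: confirming it with `learn(x, "intrusion")` moves that pattern into the intrusion base so later variants are reported as known.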