Network Intrusion Detection and Attack Analysis Based on SOFM with Fast Nearest-Neighbor Search

    • Abstract (translated from the Chinese): In recent years, more and more machine learning algorithms have been applied to intrusion detection. In network intrusion detection systems (NIDS), however, as network scale and speed grow, ordinary machine learning algorithms have difficulty meeting the real-time requirements of intrusion detection, which is one of the main bottlenecks hindering the further practical use of machine learning in this field. To improve the usability and real-time performance of NIDS, this paper proposes a network intrusion detection system based on the self-organizing feature map (SOFM) and, on that basis, implements VENNS, a fast nearest-neighbor search algorithm aimed at improving detection efficiency, so as to reduce the time cost of system training and detection. A comprehensive performance evaluation and comparative analysis of the system were carried out on the DARPA 1999 intrusion detection evaluation data. Experiments show that the system achieves a high detection rate while maintaining a low false-positive rate, and that system efficiency is greatly improved: training time is reduced to about 1/4 of that before the improvement, and detection time to about 1/7.


      Abstract: As computer attacks become more complex, more and more machine learning algorithms are proposed to solve intrusion detection problems. These algorithms, however, leave a wide gap when applied in network intrusion detection systems (NIDS), especially in high-speed networking environments. In this paper, an NIDS based on the self-organizing feature map (SOFM) is proposed. To achieve greater efficiency and usability, the vector elimination nearest-neighbor search (VENNS) algorithm is implemented for the NIDS, with the aim of reducing the computational cost of training and detection. Using the DARPA Intrusion Detection Evaluation Data Set, a performance evaluation and comparative analysis are carried out. The results show that network attacks are detected with higher detection rates and relatively lower false-positive rates, and that the performance and efficiency of the NIDS are greatly improved: the training time cost and the detection time cost are reduced by about four times and seven times, respectively.
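As an added illustration (not the paper's code), the following sketches the two pieces the abstracts describe: an SOFM trained on constructed, normalized connection-feature vectors and used as an anomaly detector, and a best-matching-unit (BMU) search whose cost is reduced by eliminating candidate neurons early. Partial-distance elimination is used here as an assumed stand-in for VENNS, whose exact rule the abstracts do not give; the feature layout, map size and threshold rule are likewise assumptions.

```python
import math
import random

def make_connections(n, seed):
    # Constructed "normal" traffic, scaled to [0, 1]: [duration, bytes_sent, bytes_recv, syn_only_ratio]
    rng = random.Random(seed)
    return [[0.2 + rng.uniform(-0.1, 0.1), 0.2 + rng.uniform(-0.1, 0.1),
             0.3 + rng.uniform(-0.1, 0.1), rng.uniform(0.0, 0.1)] for _ in range(n)]

def bmu(neurons, x, eliminate=True):
    # Best-matching unit by squared Euclidean distance. With eliminate=True a candidate is
    # abandoned once its partial sum exceeds the best so far (assumed stand-in for VENNS).
    # ops counts the per-component distance terms actually evaluated.
    best, best_d, ops = None, float("inf"), 0
    for n in neurons:
        d = 0.0
        for wi, xi in zip(n[2], x):
            d += (wi - xi) ** 2
            ops += 1
            if eliminate and d >= best_d:
                break                      # cannot beat the current best
        if d < best_d:
            best, best_d = n, d
    return best, best_d, ops

def train_sofm(data, rows=3, cols=3, epochs=30, seed=1):
    # Neurons are (row, col, weight); weights start as copies of training samples
    # so the map begins inside the normal-traffic region and stays there.
    rng = random.Random(seed)
    neurons = [(r, c, list(rng.choice(data))) for r in range(rows) for c in range(cols)]
    for e in range(epochs):
        lr, radius = 0.5 * (1 - e / epochs), max(1.0, 2.0 * (1 - e / epochs))
        for x in data:
            (br, bc, _), _, _ = bmu(neurons, x)
            for r, c, w in neurons:        # Gaussian neighbourhood update around the BMU
                g = (r - br) ** 2 + (c - bc) ** 2
                if g <= radius ** 2:
                    h = lr * math.exp(-g / (2 * radius ** 2))
                    for i in range(len(w)):
                        w[i] += h * (x[i] - w[i])
    return neurons

def demo():
    normal = make_connections(60, 7)
    som = train_sofm(normal)
    threshold = 2.0 * max(bmu(som, x, eliminate=False)[1] for x in normal)  # assumed rule
    syn_flood = [0.0, 0.0, 0.0, 1.0]       # constructed SYN-only, no-payload pattern
    return (bmu(som, normal[0])[1] > threshold, bmu(som, syn_flood)[1] > threshold,
            sum(bmu(som, x, eliminate=False)[2] for x in normal),
            sum(bmu(som, x)[2] for x in normal))
```

demo() returns whether a normal record and the SYN-flood-like record are flagged, followed by the distance-term counts for brute-force and eliminating BMU search over the training set, so the saving can be compared directly.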
