Research and Application of Improved BP Neural Networks in Intrusion Detection
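Abstract
The rapid development of computer networks and information technology has tied people's daily lives and working environments ever more closely to computer networks and information systems, and the requirements for network security have risen accordingly. Current network security protection technologies include access control, data encryption, anti-virus, firewalls and intrusion detection. Intrusion detection systems, which actively protect the network, have become a new direction in the development of network security technology and are a necessary complement to traditional network security technology.
     There are many intrusion detection methods, but low detection rates and high false alarm rates are problems common to current intrusion detection systems, and the continual renewal of attack methods places higher demands on the flexibility and intelligence of intrusion detection systems. Neural networks offer parallel computation, adaptive learning, self-organization and strong resistance to interference, and can handle incomplete and distorted data. These properties have led to their application in intrusion detection, where they meet the needs of the field's development.
     BP neural networks are already widely used in intrusion detection. However, the BP algorithm itself suffers from long training times and a tendency to converge to local minima. There is now a great deal of research on and application of improvements to the BP algorithm, which has produced many excellent improved BP algorithms, but research on applying improved BP algorithms to intrusion detection is still scarce.
     This thesis analyzes current intrusion detection systems and neural network technology; analyzes and compares the BP algorithm and two improved BP algorithms; builds a four-layer neural network model for the three algorithms, based on the needs of network intrusion detection types, and applies this model to intrusion detection. With reference to the Common Intrusion Detection Framework proposed by the international intrusion detection standardization organization (CIDF), an intrusion detection model based on a BP neural network is designed. The model captures packets from the network and, after preprocessing, extracts 18 attribute features as input data for the neural network; after the neural network has been trained and tested, rules are extracted from it and a rule base is built, and detection analysis responds according to the results of rule matching. The detection model can therefore be used for misuse detection. A certain proportion of normal and abnormal data was fed to the detection model; analysis of the experimental detection results shows that both improved BP algorithms perform well when used in the network intrusion detection model, improving the accuracy of intrusion detection and the overall performance of the detection model, and to some extent resolving the fundamental problem of high false positive and false negative rates in intrusion detection systems. Finally, based on the shortcomings of this research, directions for further research are pointed out.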
With the rapid development of computer networks and information technology, people depend on them more and more closely in their daily life and work, and so the requirements for network security are high. Currently there are plenty of network security protection technologies, such as access control, data encryption, anti-virus, firewalls, intrusion detection systems and so on. The intrusion detection system, which can actively defend the network, has unavoidably become a primary direction of network security development. It is a necessary complement to traditional network security technology.
     There are many methods in intrusion detection technology. A common problem with these methods is a low detection rate and a high false alarm rate. Furthermore, continuous changes in attack modes impose higher demands on the flexibility and intelligence of the intrusion detection system. The outstanding abilities of neural networks (parallel computing, non-linearity, self-adaptation, handling of distorted data, resistance to interference) have led to their application in the intrusion detection field, where they meet the needs of the development of intrusion detection.
     The BP network has been broadly applied in the intrusion detection field, but it has the disadvantages of long training time and of becoming trapped in local minima. At present there is much research on and application of the BP algorithm, and some outstanding improved BP algorithms have been produced. However, there are few studies on applying the improved BP algorithms in the field of intrusion detection.
     The paper analyzes current intrusion detection systems and neural network technology, compares the BP algorithm and two improved BP algorithms, builds a four-layer neural network model based on these three BP algorithms, and applies this model to an intrusion detection system. Following the Common Intrusion Detection Framework proposed by the International Intrusion Detection System Standardization Organization, the author designed an intrusion detection model based on a BP neural network. This model captures data packets from the network and, after preprocessing, extracts eighteen attributes as input data for the neural network; intrusion detection rules are extracted after the neural network has been trained and tested, a rule base is built, and detection and analysis are based on the results of rule matching. Thereby, the model can be used for both misuse detection and anomaly detection. The test results show that the two improved BP algorithms can be better applied in the network intrusion detection model. They can reduce the amount of testing and increase the accuracy of detection. Moreover, they can improve the system's overall performance. To some extent this solves the intrusion detection system's problem of high false alarm and missed detection rates. Finally, based on the shortcomings of this research, the author presents the next study plan.
