Nearest Neighbor Intrusion Detection Method Based on Perceived Hash Matrix
  • Chinese title: 基于感知哈希矩阵的最近邻入侵检测算法
  • Authors: JIANG Ze-tao; ZHOU Tan-sheng-zi; HAN Li-yao
  • Affiliations: College of Computer and Information Security, Guilin University of Electronic Technology; College of Computer Science and Technology, Northwestern Polytechnical University
  • Keywords: intrusion detection; perceptual hash matrix; quantization function; K-nearest neighbors (KNN); detection rate
  • Chinese journal title: DZXU
  • English journal title: Acta Electronica Sinica
  • Publication date: 2019-07-15
  • Publisher: Acta Electronica Sinica (电子学报)
  • Year: 2019
  • Issue: v.47; No.437
  • Funding: National Natural Science Foundation of China (No.61572147, No.61762066, No.61876049); Guangxi Science and Technology Plan (No.AC16380108); Guangxi Key Laboratory of Image and Graphic Intelligent Processing (No.GIIP201701, No.GIIP201801, No.GIIP201802, No.GIIP201803); Innovation Project of Guangxi Graduate Education (No.2018YJCX46); Natural Science Foundation of Jiangxi Province (No.20171BAB212015)
  • Language: Chinese
  • Page: DZXU201907019
  • Number of pages: 9
  • CN: 07
  • ISSN: 11-2087/TN
  • Classification number: 148-156
Abstract
To address the low efficiency of current intrusion detection, this paper proposes a nearest-neighbor intrusion detection algorithm based on a perceptual hash matrix. First, the perceptual hash descriptors of the intrusion detection objects in the training set are computed and concatenated into a perceptual hash matrix. A designed quantization function is then used to quantize the hash descriptors in the matrix, and the matrix is reduced and adjusted according to the properties of perceptual hashing. In the intrusion detection phase, the matrix is used to quickly locate the K samples closest to the object under test, and the K-nearest-neighbor (KNN) voting rule completes the intrusion detection task. Theoretical analysis and experiments on the KDDCUP99 dataset show that the method locates the K nearest samples with O(n) time complexity, reducing storage and computation overhead while maintaining a high detection rate, and thereby protecting the network environment more effectively.
