A Multithreaded Danger-Prioritized Processing Model for NIDS Multimedia Packets Based on an Improved Selection Operator
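  • English title: Improvement of Selection Operator in Multithreading Model for Multimedia Packets in NIDS
  • Authors: 赵旭; 黄光球; 崔艳鹏; 王明明
  • Authors (English): ZHAO Xu; HUANG Guangqiu; CUI Yanpeng; WANG Mingming; School of Management, Xi'an University of Architecture & Technology; School of Computer Science, Xi'an Polytechnic University, National and Local Joint Engineering Research Center for Advanced Networking & Intelligent Information Service; School of Cyber Engineering, XIDIAN University
  • Keywords: intrusion detection; multimedia packets; genetic algorithm; selection operator; danger-prioritized processing model
  • English keywords: intrusion detection; multimedia packets; genetic algorithm; selection operator; the model of choosing danger
  • Chinese journal code: XXAQ
  • English journal name: Netinfo Security
  • Affiliations: School of Management, Xi'an University of Architecture & Technology; National and Local Joint Engineering Research Center for Advanced Networking & Intelligent Information Service, School of Computer Science, Xi'an Polytechnic University; School of Cyber Engineering, Xidian University
  • Publication date: 2018-10-10
  • Publisher: 信息网络安全 (Netinfo Security)
  • Year: 2018
  • Issue: No.214
  • Funding: National Natural Science Foundation of China [61601358]; Key Project of the Natural Science Basic Research Plan of Shaanxi Province [2015JZ010]; Special Scientific Research Project of the Shaanxi Provincial Department of Education [16JK1347]; Xi'an Science and Technology Plan [201805030YD8CG14(8)]; Xi'an Beilin District Science and Technology Plan [GX1708]
  • Language: Chinese
  • Page: XXAQ201810008
  • Number of pages: 6
  • CN: 10
  • ISSN: 31-1859/TN
  • Classification number: 51-56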
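Abstract
When traffic exceeds the load capacity of a network intrusion detection system (NIDS), missed detections are unavoidable, and the limited processing capacity should then go first to the more dangerous packets. Because multimedia packets make up a large share of traffic, the genetic-algorithm-based multithreaded danger-prioritized processing model for NIDS multimedia packets achieves good results. Because it uses roulette-wheel selection, however, that model can fail to select multimedia packets with high danger coefficients. This paper improves the selection operator with an optimal preservation (elitist) strategy and proposes new processing steps for the model, so that the sum of the danger coefficients of the multimedia packets selected for processing within each thread is maximized while each thread's processing capacity is fully used. Experiments show that the improved intrusion detection model raises the detection rate for multimedia files with higher danger coefficients and strengthens the convergence of the objective function.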
Omissions are inevitable when network traffic exceeds the load capacity of a network intrusion detection system (NIDS). In this case, dangerous packets should be given priority in processing. Because multimedia packets make up a large proportion of traffic, a multithreading model for multimedia packets has been proposed for NIDS. In this paper, the selection operator is improved and new processing steps for the model are proposed. When omission occurs, the improved model can choose more dangerous multimedia packets for processing within the maximum processing capacity of different threads. Experimental results indicate that this model can help a NIDS improve its detection rate for dangerous multimedia packets effectively.
