Research on a Neural-Network-Based Intrusion Detection System Model
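Abstract
With the continued development of computer networks, network security problems have become increasingly prominent, and one of the main threats to network security is intrusion into information systems over the network. Stored critical information in particular is frequently attacked by malicious and unauthorized users, so that it is illegally obtained or destroyed; in serious cases the network is paralyzed. Protecting networks and their information has therefore become an important topic. Intrusion detection systems, as an important network security technology, have become a research hotspot in the network security field and play an important role in safeguarding network security.
     However, traditional intrusion detection techniques suffer from many problems, such as rule bases that are hard to manage, statistical models that are hard to build, and high false positive and false negative rates, which limit the effectiveness of intrusion detection systems in practice. To address these shortcomings of current intrusion detection systems, a conceptual model that applies neural networks to intrusion detection is proposed. Network intrusion detection is essentially a matter of capturing data traffic information on the network and analyzing it by some method to decide whether an attack or intrusion has occurred, so intrusion detection can be understood as a pattern recognition problem. An artificial neural network is a mathematical model based on a large number of widely interconnected neurons; it is self-learning, self-organizing and self-adaptive, and has achieved good results in pattern recognition. Using the self-learning, associative memory and fuzzy computation capabilities of neural networks, various intrusions and attacks can be recognized and detected.
     Following this idea, neural network technology and intrusion detection technology are combined: a neural-network-based intrusion detection system model is built, and a prototype intrusion detection system based on a BP (Back Propagation) neural network is implemented. The original error back-propagation algorithm is improved to increase convergence speed, and tests and analysis on real data show good results in terms of detection rate, false negative rate and false positive rate.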
Recently, with the development of Internet technology, security problems have become a threat in the network field. One of these threats is intrusion, which aims to obtain or destroy users' important information. In some cases it can paralyze the whole network. The Intrusion Detection System is an advanced technology for network security and is becoming one of the hotspots in the network security field. It has had a great effect in safeguarding the security of our networks.
     However, traditional Intrusion Detection Systems have some disadvantages, such as difficulty in rule base administration and statistical model building, as well as high false negative and false positive rates. All of these weak points have limited the effectiveness of Intrusion Detection Systems. To address these disadvantages, we introduce a Neural Network based Intrusion Detection model. The principle of intrusion detection is to collect information about network traffic and then analyze it to determine whether the system is under attack, so we can regard intrusion detection as a Pattern Recognition problem. A Neural Network is a mathematical model that has the characteristics of self-learning, self-organization and self-adaptation, and it has been widely used in the Pattern Recognition field. Therefore, we can use this technology to detect intrusions in the network.
     We then implement a Neural Network based Intrusion Detection model based on the theory above and improve the BP algorithm to increase the performance of our system model. Finally, we test the model using real network data and obtain good results.
