Research on Intrusion Detection Technology Based on Radial Basis Function (RBF) Neural Networks
Abstract
Network security has become a challenge shared by all of humanity in the information age, and network security problems within China are increasingly prominent. Specifically: computer systems are seriously affected by virus infection and damage; hacker activity has become a major threat; the information infrastructure faces network security challenges; information systems have many weak points in their capacity for prediction, response, prevention and recovery; and online political subversion activity is frequent. If these problems are not properly solved, they will inevitably hinder the progress of informatization. Intrusion detection is an important dynamic security protection technology and has become an important research area in computer science and technology.
Intrusion detection is the process of identifying and responding to malicious behavior on computer and network resources. It applies a strategy of using offense as defense: without affecting network performance, it can monitor the network and provide real-time monitoring of internal attacks, external attacks and misoperation. In recent years, with the rapid development of networks and their security technologies, new intrusion detection techniques have appeared one after another, mainly including artificial neural networks, genetic algorithms, fuzzy techniques and data mining. Among these, the development of intrusion detection based on artificial neural networks has been especially prominent. Artificial neural networks have attracted worldwide attention for advantages such as self-adaptation, self-learning, self-organization, good fault tolerance and parallelism, and associative memory, and have played an important role in the field of intrusion detection.
This thesis first describes the concepts and related technologies of intrusion detection and artificial neural networks and the state of research on intrusion detection systems. By analysing the defects of the intrusion detection models currently in wide use, it proposes an intrusion detection system model based on a radial basis function (RBF) neural network. The model overcomes the management problems of traditional rule-base intrusion detection systems, and also overcomes the defect that traditional systems can only judge whether behavior is anomalous but cannot identify which type an intrusion belongs to, so that the system can monitor network and host state in real time to guard against unpredictable intrusions. The model has good usability and extensibility and is an effective means of developing security management systems.
Finally, we ran detection experiments on the trained neural network. The results show that applying a radial basis function neural network to intrusion detection can effectively improve detection accuracy and the performance of the intrusion detection system.
Intrusion detection based on radial basis functions is a very active research area. The thesis closes with some directions that the author believes need further research and improvement in this field.
