Research on Intrusion Detection Technology Based on a Takagi-Sugeno Model FNN
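Abstract
Intrusion detection is a proactive security protection technology: it monitors user activity on host systems or on the network and discovers possible intrusions. However, because research on intrusion detection technology started relatively late in China, current intrusion detection systems still have many shortcomings, such as high false-alarm and missed-detection rates and weak active-defense capability. This thesis therefore analyzes the problems and shortcomings of domestic and international work that applies fuzzy neural networks to intrusion detection, and studies intrusion detection based on fuzzy neural networks in depth.
First, to address the shortcomings of traditional intrusion detection methods based on BP fuzzy neural networks, an intrusion detection method based on a Takagi-Sugeno model fuzzy neural network is proposed; it adopts the neural network structure of the Takagi-Sugeno model. This thesis also designs a feature selection algorithm (Selected-F) that reduces the dimensionality of network data attributes, and uses a classification-based detection approach to lower computational cost and perform intrusion detection.
Second, an improved genetic algorithm is designed and used to optimize the weight parameters of the Takagi-Sugeno model fuzzy neural network. Analyzing network data with the fuzzy neural network method addresses the fuzziness inherent in intrusion detection and improves the robustness of the algorithm.
Finally, the KDD CUP 99 standard data set is used as experimental data, and simulation experiments are run with the Matlab simulation tool on the Windows XP operating system. The results show that the detection method detects intrusion attacks effectively, has low false-positive and false-negative rates, and can detect attacks in real time.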
Intrusion detection is a technology that can protect our information. It can monitor our systems or networks and find intrusions. However, because of its short history, the intrusion detection system has many deficiencies, e.g., a higher false rate, weak active detection, etc. After analyzing these existing issues in intrusion detection technology based on fuzzy neural networks, this paper carries out further in-depth research on intrusion detection based on fuzzy neural network technology.
Firstly, in view of the limitations of the traditional intrusion detection method based on the BP fuzzy neural network, an intrusion detection method based on the Takagi-Sugeno fuzzy neural network is proposed, which adopts the neural network structure based on the Takagi-Sugeno model. Meanwhile, a feature selection algorithm (Selected-F) is designed to reduce the dimension of network data properties, and a method of category detection is used to reduce computational cost and complete intrusion detection.
Secondly, an improved genetic algorithm is designed to tune the various parameters of the neural network. Fuzzy thinking is adopted to analyze network data and solve the fuzzy problems of intrusion detection, which improves the robustness of the genetic algorithm.
Finally, we run a simulation experiment using the KDD CUP 99 standard data set as experimental data, with Matlab in the Windows XP operating system environment. The experiments show that, with this method, attacks can be detected effectively, precisely and in real time.
