基于PSO-RBF神经网络的入侵检测系统的研究与实现
|
摘要
随着网络的普及,人们在日常生活和工作环境中对计算机网络越来越依赖,网络的安全性也越来越引起人们的关注。当前网络安全防护技术大多是被动的防御技术。而作为主动且动态的网络安全防御技术——入侵检测技术,是网络安全技术发展的一个新方向,是被动防御技术的必要补充。
本文阐述了一种入侵检测的新策略,通过分析现有的入侵检测技术和通用的入侵检测框架,发现基于人工神经网络的入侵检测是一种有效的入侵检测方法。因此在本文中,采用径向基函数(RBF)神经网络技术对入侵行为进行检测,他具有最佳逼近能力、网络结构简单、学习速度快的优点,但RBF神经网络的参数设置是基于参数空间局部信息的,不是全局最优值,这必将降低入侵检测效率。本文分析了具有全局寻优的功能PSO算法,该算法能够改进传统的RBF神经网络学习策略,可以弥补RBF神经网络参数设置的不足。在此基础之上,研究了基于PSO-RBF神经网络的入侵检测系统所需要解决的研究层面的问题,设计了一个原型系统。利用这个原型系统,从层次、模块两个维度分别对他的设计进行了介绍,同时对实现技术进行了讨论,并给出了部分模块的主要实现方法。目前本文已经实现了系统的封闭测试并探讨了如何对系统进行开放测试。实验结果表明,基于PSO-RBF神经网络的入侵检测系统有效的提高了入侵检测的效率。最后,通过对基于PSO-RBF神经网络的入侵检测系统研究、设计与实现的内容总结,本文指出了今后发展和改进的方向。
With the widely spread of internet, the everyday life and the working environment of people are having increasing dependence on the computer network, and thus the security of network is gaining more attentions of people. The current security defense techniques are mainly passive defense techniques. As an initiative and dynamic network security defense technique, the intrusion detection technique is a new direction of the development of network security, and is a necessary complementary of conventional network security techniques.
This paper introduces a new strategy of Intrusion detection. Through the analysis on the existing intrusion detection and common intrusion detection framework, I notice that, NN-based intrusion detection technique is an efficient method. So, I adopt the RBF-NN, which has the best approaching capability, simple network structure, and high leaning speed. But the parameters of RBF are based on the partial information in the whole parameter space, thus it may not be able to reach the global optimal value and reduces the detection rate. This paper analyzes the functions of PSO algorithm which has the capability to search the global optimal solution, the PSO algorithm can modify the study strategy of RBF-NN and it can fix the loophole of the parameters setting in RBF-NN. Based on this, I further study the research problems which need to be solved in the PSO-RBF NN based intrusion detection system, and design a prototype system. With this prototype system, I illustrate the implementation of the system from the perspective of hierarchy and modules. And I also present the design diagram and supporting techniques. For the major modules, I show the detailed implementation methodology. Now I have completed the close-test and discussed how to do the open-test. The experimental results show that, the intrusion detection system based on PSO-RBF NN can effectively enhance the efficiency of intrusion detection. Finally, through the conclusion on the research, design and implementation of PSO-RBF NN based intrusion detection system, I point out the possible future work.
本文阐述了一种入侵检测的新策略,通过分析现有的入侵检测技术和通用的入侵检测框架,发现基于人工神经网络的入侵检测是一种有效的入侵检测方法。因此在本文中,采用径向基函数(RBF)神经网络技术对入侵行为进行检测,他具有最佳逼近能力、网络结构简单、学习速度快的优点,但RBF神经网络的参数设置是基于参数空间局部信息的,不是全局最优值,这必将降低入侵检测效率。本文分析了具有全局寻优的功能PSO算法,该算法能够改进传统的RBF神经网络学习策略,可以弥补RBF神经网络参数设置的不足。在此基础之上,研究了基于PSO-RBF神经网络的入侵检测系统所需要解决的研究层面的问题,设计了一个原型系统。利用这个原型系统,从层次、模块两个维度分别对他的设计进行了介绍,同时对实现技术进行了讨论,并给出了部分模块的主要实现方法。目前本文已经实现了系统的封闭测试并探讨了如何对系统进行开放测试。实验结果表明,基于PSO-RBF神经网络的入侵检测系统有效的提高了入侵检测的效率。最后,通过对基于PSO-RBF神经网络的入侵检测系统研究、设计与实现的内容总结,本文指出了今后发展和改进的方向。
With the widely spread of internet, the everyday life and the working environment of people are having increasing dependence on the computer network, and thus the security of network is gaining more attentions of people. The current security defense techniques are mainly passive defense techniques. As an initiative and dynamic network security defense technique, the intrusion detection technique is a new direction of the development of network security, and is a necessary complementary of conventional network security techniques.
This paper introduces a new strategy of Intrusion detection. Through the analysis on the existing intrusion detection and common intrusion detection framework, I notice that, NN-based intrusion detection technique is an efficient method. So, I adopt the RBF-NN, which has the best approaching capability, simple network structure, and high leaning speed. But the parameters of RBF are based on the partial information in the whole parameter space, thus it may not be able to reach the global optimal value and reduces the detection rate. This paper analyzes the functions of PSO algorithm which has the capability to search the global optimal solution, the PSO algorithm can modify the study strategy of RBF-NN and it can fix the loophole of the parameters setting in RBF-NN. Based on this, I further study the research problems which need to be solved in the PSO-RBF NN based intrusion detection system, and design a prototype system. With this prototype system, I illustrate the implementation of the system from the perspective of hierarchy and modules. And I also present the design diagram and supporting techniques. For the major modules, I show the detailed implementation methodology. Now I have completed the close-test and discussed how to do the open-test. The experimental results show that, the intrusion detection system based on PSO-RBF NN can effectively enhance the efficiency of intrusion detection. Finally, through the conclusion on the research, design and implementation of PSO-RBF NN based intrusion detection system, I point out the possible future work.
引文
[1] WANG J, WANG Z, DA I K. A network intrusion detection system based on the artificial neural networks [A]. Proceedings of the 3rd international conference on Information security[C]. 2004.
[2] Haralambos Sarimveis, Alex Alexandridis, Stefanos Mazarakis, George Bafas. A new algorithm for developing dynamic radial basis function neural network mode based on genetic algorithms[J].Computers and Chemical Engineering(S0098-1354), 2004,28(1-2):209-217
[3] Simon Haykin(著),叶世伟,史忠植(译).神经网络原理[M].机械工业出版社,2004.1
[4] HOFMANN A, SCHMITZ C, SICK B. Rule extraction from neural networks for intrusion detection in computer networks Systems[A].IEEE International Conference onMan and Cybernetics[C ]. 2003.1259 -1265.
[5] WANG L, YU G,WANG G, et al. Method of evolutionary neural net-work-based intrusion detection[A]. International Conferences on In-fo-tech and Info-net, ICII 2001 [C ]. Beijing, 2001. 13 -18.
[6] EberhartR,Shi Yuhui. Particle swarm optimization: developments, applications and resources [C]//IEEE International Conference on Evolutionary Computation, Seoul, South Korea, 2001:81-86
[7] WEI Haikun, XU Sixin, SONG Wenzhong. An evolutionary selecting algorithm for designing minimal RBF nets. Control Theory & Application, 2000, 1
[8] Shi Y,Eberhart R. A modified particle swarm optimizer[C].IEEE World Congresson Computational Intelligence,1998,69~73
[9] Kennedy J, Eberhart R. Particle Swarm Optimization[C]//Proceedings of IEEE International Conference on Neural Network,Piscataway. 1995: 1942-1948.
[10] 李朝荣,张 鹰,张安妮. 基于 PSO 算法的神经网络集成入侵检测系统.计算机工程,2007,7
[11] 闫丽丽,昌燕,周兴涛. 网络数据包捕获机制研究.信息安全,2007.
[12] 滕少华, 王琳. 径向基神经网络在入侵检测中的应用[J]. 江西师范大学学报(自然科学版),2007,5
[13] 李革新. 网络数据包捕获工具的开发与实现.计算机工程与设计.2007.4
[14] 刘燕,杜根远,姜建国. 改进的 RBF 神经网络在入侵检测中的应用.微计算机信息,2007, 4
[15] 孙杰,戴月,王爱强. 基于遗传神经网络的入侵检测系统设计.微计算机信息 ( 管控一体化),2007年 23 卷第 7-3 期
[16] 肖本贤,王晓伟,刘一福.MPSO_RBF 优化策略在锅炉过热系统辨识中的仿真研究[J].系统仿真学报,2007,3
[17] 胡军华,周炎涛,郭如冰. 一种基于网络的入侵检测模型及其实现[J].湖南大学学报,2006,12
[18] 李丽芬. 基于 RBF 神经网络的多级入侵检测研究[J].华北电力大学学报,2006,11
[19] 苏小红,侯秋香. RBF 神经网络的混合学习算法[J].哈尔滨工业大学学报,2006.9
[20] 王新生,卢军从,吴继东. 基于协议分析的入侵检测方法的改进[J].燕山大学学报.2006,7
[21] 乔晓梅. 基于粒子群算法优化的神经网络在入侵检测中的应用.商业科技,2006,6
[22] 李战春,李之棠,黎耀. 基于径向基函数的入侵检测系统.计算机应用,2006.5
[23] 陶洪涛.基于 RBF 神经网络的入侵检测技术研究[D].2006.5
[24] 周炎涛,郭如冰,李肯立,吴正国. 基于前馈多层感知器的网络入侵检测的多数据包分析. 计算机应用,2006,4
[25] 张小军,冯宏伟. 基于径向基函数神经网络的车型识别技术[J]. 西北大学学报,2006,3
[26] 费洪晓,谢文彪,郭球辉,戴宏伟,裘方敏.协议分析在入侵检测系统中的应用.计算机系统应用.2006,3
[27] 袁卫华 ,傅光轩 ,鲁梦 . 一种基于协议分析的入侵检测模型的设计 .网络安全技术与应用.2005,12
[28] 罗桂琼. 基于协议分析的入侵检测系统.电脑与信息技术.2005,8
[29] 王勇, 杨辉华, 王行愚, 何倩. 一种基于进化神经网络的入侵检测实验系统[J].华东理工大学学报,2005,6
[30] 唐正军. 入侵检测技术导论[M]. 北京:机械工业出版社,2004 :16.
[31] 肖瀛,李涛,王先旺,冷丽琴,刘峰,尹鹏. 智能神经网络在 Internet 入侵检测中的应用. 高技术通讯,2002,7
[32] 周俊武,孙传尧,王福利. 径向基函数(RBF)网络的研究及实现. 矿冶, 2001, 10
[33] 朱明星,张德龙. RBF 网络基函数中心选取算法的研究[J]. 安徽大学学报(自然科学版) , 2000, 2
[34] 良友翻译组. TCP/IP 及相关协议[M]. 北京: 机械工业出版社,2000.
[2] Haralambos Sarimveis, Alex Alexandridis, Stefanos Mazarakis, George Bafas. A new algorithm for developing dynamic radial basis function neural network mode based on genetic algorithms[J].Computers and Chemical Engineering(S0098-1354), 2004,28(1-2):209-217
[3] Simon Haykin(著),叶世伟,史忠植(译).神经网络原理[M].机械工业出版社,2004.1
[4] HOFMANN A, SCHMITZ C, SICK B. Rule extraction from neural networks for intrusion detection in computer networks Systems[A].IEEE International Conference onMan and Cybernetics[C ]. 2003.1259 -1265.
[5] WANG L, YU G,WANG G, et al. Method of evolutionary neural net-work-based intrusion detection[A]. International Conferences on In-fo-tech and Info-net, ICII 2001 [C ]. Beijing, 2001. 13 -18.
[6] EberhartR,Shi Yuhui. Particle swarm optimization: developments, applications and resources [C]//IEEE International Conference on Evolutionary Computation, Seoul, South Korea, 2001:81-86
[7] WEI Haikun, XU Sixin, SONG Wenzhong. An evolutionary selecting algorithm for designing minimal RBF nets. Control Theory & Application, 2000, 1
[8] Shi Y,Eberhart R. A modified particle swarm optimizer[C].IEEE World Congresson Computational Intelligence,1998,69~73
[9] Kennedy J, Eberhart R. Particle Swarm Optimization[C]//Proceedings of IEEE International Conference on Neural Network,Piscataway. 1995: 1942-1948.
[10] 李朝荣,张 鹰,张安妮. 基于 PSO 算法的神经网络集成入侵检测系统.计算机工程,2007,7
[11] 闫丽丽,昌燕,周兴涛. 网络数据包捕获机制研究.信息安全,2007.
[12] 滕少华, 王琳. 径向基神经网络在入侵检测中的应用[J]. 江西师范大学学报(自然科学版),2007,5
[13] 李革新. 网络数据包捕获工具的开发与实现.计算机工程与设计.2007.4
[14] 刘燕,杜根远,姜建国. 改进的 RBF 神经网络在入侵检测中的应用.微计算机信息,2007, 4
[15] 孙杰,戴月,王爱强. 基于遗传神经网络的入侵检测系统设计.微计算机信息 ( 管控一体化),2007年 23 卷第 7-3 期
[16] 肖本贤,王晓伟,刘一福.MPSO_RBF 优化策略在锅炉过热系统辨识中的仿真研究[J].系统仿真学报,2007,3
[17] 胡军华,周炎涛,郭如冰. 一种基于网络的入侵检测模型及其实现[J].湖南大学学报,2006,12
[18] 李丽芬. 基于 RBF 神经网络的多级入侵检测研究[J].华北电力大学学报,2006,11
[19] 苏小红,侯秋香. RBF 神经网络的混合学习算法[J].哈尔滨工业大学学报,2006.9
[20] 王新生,卢军从,吴继东. 基于协议分析的入侵检测方法的改进[J].燕山大学学报.2006,7
[21] 乔晓梅. 基于粒子群算法优化的神经网络在入侵检测中的应用.商业科技,2006,6
[22] 李战春,李之棠,黎耀. 基于径向基函数的入侵检测系统.计算机应用,2006.5
[23] 陶洪涛.基于 RBF 神经网络的入侵检测技术研究[D].2006.5
[24] 周炎涛,郭如冰,李肯立,吴正国. 基于前馈多层感知器的网络入侵检测的多数据包分析. 计算机应用,2006,4
[25] 张小军,冯宏伟. 基于径向基函数神经网络的车型识别技术[J]. 西北大学学报,2006,3
[26] 费洪晓,谢文彪,郭球辉,戴宏伟,裘方敏.协议分析在入侵检测系统中的应用.计算机系统应用.2006,3
[27] 袁卫华 ,傅光轩 ,鲁梦 . 一种基于协议分析的入侵检测模型的设计 .网络安全技术与应用.2005,12
[28] 罗桂琼. 基于协议分析的入侵检测系统.电脑与信息技术.2005,8
[29] 王勇, 杨辉华, 王行愚, 何倩. 一种基于进化神经网络的入侵检测实验系统[J].华东理工大学学报,2005,6
[30] 唐正军. 入侵检测技术导论[M]. 北京:机械工业出版社,2004 :16.
[31] 肖瀛,李涛,王先旺,冷丽琴,刘峰,尹鹏. 智能神经网络在 Internet 入侵检测中的应用. 高技术通讯,2002,7
[32] 周俊武,孙传尧,王福利. 径向基函数(RBF)网络的研究及实现. 矿冶, 2001, 10
[33] 朱明星,张德龙. RBF 网络基函数中心选取算法的研究[J]. 安徽大学学报(自然科学版) , 2000, 2
[34] 良友翻译组. TCP/IP 及相关协议[M]. 北京: 机械工业出版社,2000.