基于实数编码遗传神经网络的入侵检测方法研究
|
摘要
随着科技进步和计算机网络技术的发展,网络时代来临了,它的到来彻底改变了人们的生活方式,越来越多的人融入到了网络,享受着网络带给人们的种种便利。但同时随着互联网规模的迅速扩大,安全问题已经成为一个互联网发展中无法回避的核心问题。
传统的网络安全模型己经不能适应网络技术的发展,PPDR模型应运而生。入侵检测作为PPDR模型的重要组成部分,是对防火墙、数据加密等安全保护措施的有效补充,能够识别针对计算机和网络资源的恶意企图和行为,并做出及时响应。入侵检测分析技术是入侵检测系统的核心,主要可分为异常入侵检测和误用入侵检测。
针对入侵检测系统中存在的高漏报率、误报率问题,本文提出一种基于实数编码遗传神经网络的分类检测器同步检测模型,该模型基于异常入侵检测;同时提出数据预处理过程中样本精简的方法,该方法能够有效压缩样本数据;最后,我们利用实数编码遗传算法的强全局搜索能力和BP网络局部精确搜索的特性,将实数编码遗传算法和BP算法有机结合,利用遗传算法优化网络初始权重,使训练好的网络作为一个分类检测器能更有效地检测入侵。实数编码遗传算法与BP算法的有机结合可以克服BP算法收敛速度慢、易陷入局部极小点等缺陷,同时也省去了二进制编码遗传算法在进化过程中的个体编码、解码操作。研究表明,该方法效果良好,学习速度快,分类准确率高。
With the advancement of science and technology and the development of computer network techniques, the Internet age is coming. It's arrival has completely changed people's way of life, and more and more people had been engaged in the network,enjoying the various conveniences that network brings. However, as the Internet is rapidly expanding, the security issue has become the core issue that can not be ignored in the internet development.
Traditional network security model can not fit the development of network technology, PPDR model emerged as the age requires. Intrusion detection is an important composed part in PPDR model. It makes up for security protection measures about firewall and data encryption. It can identify malicious intention and act to the computer and network resources, and make an instant response. Intrusion detection analysis technology is the core of intrusion detection system which includes abnormity intrusion detection and abused intrusion detection.
Considering the problem of high rate of false negatives and false positives of IDS, this thesis presents a kind of synchronous detection model of classification detector, which is based on the real-coded genetic neural network and is a kind of abnormity intrusion detection. Meanwhile, a method of sample streamlining in the data pretreatment process has also been presented, by which sample data can be effectively compressed. Finally, in order to take advantage of both the traits that the real-coded genetic algorithms are good at global searching, and the great performance of the back propagation (BP) in accurate local searching, we join the real-coded genetics algorithm and BP algorithm together to optimize the initial weights of BP with GA. And then the trained network can be used as a separate detector, which is more effective in intrusion detection. Their effective combination can overcome the shortcomings of slow constringency rate and immersion minim value of the traditional BP algorithm, and omit the individual’s coding and decoding operations of binary-coded genetic algorithms during evolvement process. The research shows that this technology is well, and it has the advantages of rapid learning rate and high classify accuracy.
传统的网络安全模型己经不能适应网络技术的发展,PPDR模型应运而生。入侵检测作为PPDR模型的重要组成部分,是对防火墙、数据加密等安全保护措施的有效补充,能够识别针对计算机和网络资源的恶意企图和行为,并做出及时响应。入侵检测分析技术是入侵检测系统的核心,主要可分为异常入侵检测和误用入侵检测。
针对入侵检测系统中存在的高漏报率、误报率问题,本文提出一种基于实数编码遗传神经网络的分类检测器同步检测模型,该模型基于异常入侵检测;同时提出数据预处理过程中样本精简的方法,该方法能够有效压缩样本数据;最后,我们利用实数编码遗传算法的强全局搜索能力和BP网络局部精确搜索的特性,将实数编码遗传算法和BP算法有机结合,利用遗传算法优化网络初始权重,使训练好的网络作为一个分类检测器能更有效地检测入侵。实数编码遗传算法与BP算法的有机结合可以克服BP算法收敛速度慢、易陷入局部极小点等缺陷,同时也省去了二进制编码遗传算法在进化过程中的个体编码、解码操作。研究表明,该方法效果良好,学习速度快,分类准确率高。
With the advancement of science and technology and the development of computer network techniques, the Internet age is coming. It's arrival has completely changed people's way of life, and more and more people had been engaged in the network,enjoying the various conveniences that network brings. However, as the Internet is rapidly expanding, the security issue has become the core issue that can not be ignored in the internet development.
Traditional network security model can not fit the development of network technology, PPDR model emerged as the age requires. Intrusion detection is an important composed part in PPDR model. It makes up for security protection measures about firewall and data encryption. It can identify malicious intention and act to the computer and network resources, and make an instant response. Intrusion detection analysis technology is the core of intrusion detection system which includes abnormity intrusion detection and abused intrusion detection.
Considering the problem of high rate of false negatives and false positives of IDS, this thesis presents a kind of synchronous detection model of classification detector, which is based on the real-coded genetic neural network and is a kind of abnormity intrusion detection. Meanwhile, a method of sample streamlining in the data pretreatment process has also been presented, by which sample data can be effectively compressed. Finally, in order to take advantage of both the traits that the real-coded genetic algorithms are good at global searching, and the great performance of the back propagation (BP) in accurate local searching, we join the real-coded genetics algorithm and BP algorithm together to optimize the initial weights of BP with GA. And then the trained network can be used as a separate detector, which is more effective in intrusion detection. Their effective combination can overcome the shortcomings of slow constringency rate and immersion minim value of the traditional BP algorithm, and omit the individual’s coding and decoding operations of binary-coded genetic algorithms during evolvement process. The research shows that this technology is well, and it has the advantages of rapid learning rate and high classify accuracy.
引文
1 刘宝旭等. 网络安全关键技术. 信息网络安全, 2005, (7): 22~23
2 向宏, 杨小东. 基于神经网络的入侵检测研究与设计. 网络安全技术与应用, 2004, (10): 24~26
3 马传香等. 入侵检测研究综述. 计算机工程, 2005, 31(3): 4~6
4 张超等. 入侵检测系统概述. 计算机工程与应用. 2004, (3): 116~119
5 汪磊. 基于遗传神经网络的入侵检测模型研究. 哈尔滨理工大学硕士论文, 2005: 1~4
6 李敏. 浅析网络信息安全技术. 山西电子技术, 2006, (5): 58~60
7 韩东海, 王超. 入侵检测系统实例剖析. 清华大学出版社, 2002: 12~15
8 鲁红英. 基于遗传神经网络的入侵检测方法研究. 成都理工大学硕士论文, 2004: 10~12
9 J. P. Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, Fort Washington, Pennsylvania, 1980: 47~59
10 D. E. Denning. An Intrusion Detection Model. IEEE Transaction on Software Engineering, 1987, 13(2): 222~232
11 B. Mukherjee, etal. Network Intrusion Detection. IEEE Network, 1994, 8(3): 26~41
12 S. C. Lee, etal. Training a Neural Network based Intrusion Detector to Recognize Novel Attacks. IEEE Transaction on System Man and Cybernetics part a: Systems and Humans, 2001, 31(4): 57~60
13 李之棠, 李家春. 模糊神经网络在入侵检测中的应用. 小型微型计算机系统, 2002, 23(10): 1235~1237
14 关健, 刘大昕. GCIDS: 基于遗传分类器的入侵检测与响应系统. 计算机工程与应用, 2003, (15): 162~163
15 肖毅等. 基于免疫的入侵检测系统研究. 计算机工程, 2006, 32(20): 188~190
16 J. Bala, etal. Application of a Distributed Data Mining Approach to Network Intrusion Detection. AAMAS Bologna, Italy, 2002, (2): 15~19
17 J. Cannady. Artificial Neural Networks for Misuse Detection. Research Report, School of Computer and Information Sciences Nova Southeastern University Fort Lauderdale, France, 1998: 1~13
18 Kumar, etal. Classification and Detection of Computer Intrusions. Purdue University, 1995: 12~18
19 H. S. Javitz, etal. The SRI IDES Statistical Anomaly Detector. In IEEE Symposium on Research in Security and Privacy, 1991: 32~43
20 Eric Maiwald. Deploying Intrusion Detection System. White Paper of Fortrex Technologies Inc, 1999: 43~49
21 金波等. 入侵检测技术评述. 华东理工大学学报, 2000, 2(26): 191~197
22 王丽娜. 网络多媒体信息安全保密的若干理论与技术的研究. 东北大学博士论文, 2001: 74~85
23 郑孝遥, 陆阳. 基于分布式 Agent 的入侵检测系统研究. 计算机工程与设计, 2005, 26(5): 1241~1243
24 史志才等. 分布式网络入侵检测技术研究. 计算机工程, 2005, 31(13): 112~114
25 王勇等. 一种基于进化神经网络的入侵检测实验系统. 华东理工大学学报(自然科学版), 2005, 31(3): 362~366
26 薛张伟, 李学干. 入侵检测技术研究. 微机发展, 2005, 15(3): 45~46
27 赵俊忠等. 入侵检测系统中检测技术的研究. 计算机工程与应用, 2005, (2): 11~13
28 赵丽, 孙敏. 入侵检测系统的性能问题研究. 计算机工程与应用, 2005, (10): 138~140
29 戴云, 范平志. 入侵检测系统研究综述. 计算机工程与应用, 2002, (4): 17~19
30 胡和平, 肖述超. 一种分布式入侵检测系统模型. 计算机工程与科学, 2005, 27(7): 4~6
31 连一峰. 分布式入侵检测系统的协作交互研究. 中国科学院研究生院学报, 2005, 22(2): 202~208
32 汪兴东等. 基于 BP 神经网络的智能入侵检测系统. 成都信息工程学院学报, 2005, 20(1): 1~4
33 危胜军等. 基于 BP 神经网络改进算法的入侵检测方法. 计算机工程, 2005, 31(13): 154~155
34 郑宏等. 基于 BP 神经网络的入侵检测系统分类器的实现. 合肥工业大学学报(自然科学版), 2003, 26(2): 281~285
35 马海峰, 孙名松. 基于多层前向神经网络入侵检测系统的研究. 哈尔滨理工大学学报, 2004, 9(2): 52~55
36 孙剑, 许家珆. 神经网络算法在智能体 IDS 系统中的应用. 电子科技大学学报, 2004, 33(3): 289~292
37 王小平, 曹立明. 遗传算法-理论、应用与软件实现. 西安交通大学出版社, 2002: 189~190
38 刘道群. 基于遗传神经网络的入侵检测模型的研究. 重庆大学硕士论文, 2005: 18~21
39 鲁红英等. 基于遗传神经网络的入侵检测方法研究. 成都理工大学学报, 2005, 32(4): 419~422
40 王丽娜等. 基于进化神经网络的入侵检测方法. 东北大学学报(自然科学版), 2002, 23(2): 107~109
41 S. H. Ling, etal. An Improved Genetic Algorithm with Average Bound Crossover and Wavelet Mutation Operations. Soft Computing-A Fusion of Foundations, Methodologies and Applications, 2006, 11(1): 7~31
42 刘军利. 混合神经网络在入侵检测中的应用研究. 西北大学硕士论文, 2005: 42~44
43 李成严, 乔佩利. 面向检测的网络漏洞攻击分类研究. 通信管理与技术, 2004, (3): 48~50
44 W. Lee, etal. A Data Mining Framework for Adaptive Intrusion Detection. Oakland CA: IEEE Press, 1999: 120~132
45 W. Lee, etal. A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security, 2000, 3(4): 227~261
2 向宏, 杨小东. 基于神经网络的入侵检测研究与设计. 网络安全技术与应用, 2004, (10): 24~26
3 马传香等. 入侵检测研究综述. 计算机工程, 2005, 31(3): 4~6
4 张超等. 入侵检测系统概述. 计算机工程与应用. 2004, (3): 116~119
5 汪磊. 基于遗传神经网络的入侵检测模型研究. 哈尔滨理工大学硕士论文, 2005: 1~4
6 李敏. 浅析网络信息安全技术. 山西电子技术, 2006, (5): 58~60
7 韩东海, 王超. 入侵检测系统实例剖析. 清华大学出版社, 2002: 12~15
8 鲁红英. 基于遗传神经网络的入侵检测方法研究. 成都理工大学硕士论文, 2004: 10~12
9 J. P. Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, Fort Washington, Pennsylvania, 1980: 47~59
10 D. E. Denning. An Intrusion Detection Model. IEEE Transaction on Software Engineering, 1987, 13(2): 222~232
11 B. Mukherjee, etal. Network Intrusion Detection. IEEE Network, 1994, 8(3): 26~41
12 S. C. Lee, etal. Training a Neural Network based Intrusion Detector to Recognize Novel Attacks. IEEE Transaction on System Man and Cybernetics part a: Systems and Humans, 2001, 31(4): 57~60
13 李之棠, 李家春. 模糊神经网络在入侵检测中的应用. 小型微型计算机系统, 2002, 23(10): 1235~1237
14 关健, 刘大昕. GCIDS: 基于遗传分类器的入侵检测与响应系统. 计算机工程与应用, 2003, (15): 162~163
15 肖毅等. 基于免疫的入侵检测系统研究. 计算机工程, 2006, 32(20): 188~190
16 J. Bala, etal. Application of a Distributed Data Mining Approach to Network Intrusion Detection. AAMAS Bologna, Italy, 2002, (2): 15~19
17 J. Cannady. Artificial Neural Networks for Misuse Detection. Research Report, School of Computer and Information Sciences Nova Southeastern University Fort Lauderdale, France, 1998: 1~13
18 Kumar, etal. Classification and Detection of Computer Intrusions. Purdue University, 1995: 12~18
19 H. S. Javitz, etal. The SRI IDES Statistical Anomaly Detector. In IEEE Symposium on Research in Security and Privacy, 1991: 32~43
20 Eric Maiwald. Deploying Intrusion Detection System. White Paper of Fortrex Technologies Inc, 1999: 43~49
21 金波等. 入侵检测技术评述. 华东理工大学学报, 2000, 2(26): 191~197
22 王丽娜. 网络多媒体信息安全保密的若干理论与技术的研究. 东北大学博士论文, 2001: 74~85
23 郑孝遥, 陆阳. 基于分布式 Agent 的入侵检测系统研究. 计算机工程与设计, 2005, 26(5): 1241~1243
24 史志才等. 分布式网络入侵检测技术研究. 计算机工程, 2005, 31(13): 112~114
25 王勇等. 一种基于进化神经网络的入侵检测实验系统. 华东理工大学学报(自然科学版), 2005, 31(3): 362~366
26 薛张伟, 李学干. 入侵检测技术研究. 微机发展, 2005, 15(3): 45~46
27 赵俊忠等. 入侵检测系统中检测技术的研究. 计算机工程与应用, 2005, (2): 11~13
28 赵丽, 孙敏. 入侵检测系统的性能问题研究. 计算机工程与应用, 2005, (10): 138~140
29 戴云, 范平志. 入侵检测系统研究综述. 计算机工程与应用, 2002, (4): 17~19
30 胡和平, 肖述超. 一种分布式入侵检测系统模型. 计算机工程与科学, 2005, 27(7): 4~6
31 连一峰. 分布式入侵检测系统的协作交互研究. 中国科学院研究生院学报, 2005, 22(2): 202~208
32 汪兴东等. 基于 BP 神经网络的智能入侵检测系统. 成都信息工程学院学报, 2005, 20(1): 1~4
33 危胜军等. 基于 BP 神经网络改进算法的入侵检测方法. 计算机工程, 2005, 31(13): 154~155
34 郑宏等. 基于 BP 神经网络的入侵检测系统分类器的实现. 合肥工业大学学报(自然科学版), 2003, 26(2): 281~285
35 马海峰, 孙名松. 基于多层前向神经网络入侵检测系统的研究. 哈尔滨理工大学学报, 2004, 9(2): 52~55
36 孙剑, 许家珆. 神经网络算法在智能体 IDS 系统中的应用. 电子科技大学学报, 2004, 33(3): 289~292
37 王小平, 曹立明. 遗传算法-理论、应用与软件实现. 西安交通大学出版社, 2002: 189~190
38 刘道群. 基于遗传神经网络的入侵检测模型的研究. 重庆大学硕士论文, 2005: 18~21
39 鲁红英等. 基于遗传神经网络的入侵检测方法研究. 成都理工大学学报, 2005, 32(4): 419~422
40 王丽娜等. 基于进化神经网络的入侵检测方法. 东北大学学报(自然科学版), 2002, 23(2): 107~109
41 S. H. Ling, etal. An Improved Genetic Algorithm with Average Bound Crossover and Wavelet Mutation Operations. Soft Computing-A Fusion of Foundations, Methodologies and Applications, 2006, 11(1): 7~31
42 刘军利. 混合神经网络在入侵检测中的应用研究. 西北大学硕士论文, 2005: 42~44
43 李成严, 乔佩利. 面向检测的网络漏洞攻击分类研究. 通信管理与技术, 2004, (3): 48~50
44 W. Lee, etal. A Data Mining Framework for Adaptive Intrusion Detection. Oakland CA: IEEE Press, 1999: 120~132
45 W. Lee, etal. A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security, 2000, 3(4): 227~261