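Authors: Zheng Jun (郑军)[1], Hu Mingzeng (胡铭曾)[1], Yun Xiaochun (云晓春)[1], Zhang Hongli (张宏莉)[1]
Affiliation: [1] School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001
Source: Journal of Computer Research and Development (《计算机研究与发展》), 2005, No. 9, pp. 1578-1586, 9 pages
Funding: National Natural Science Foundation of China (60403033); National "863" High-Tech Research and Development Program of China (2002AA104410)
Abstract: In recent years, more and more machine learning algorithms have been applied to intrusion detection. In network intrusion detection systems (NIDS), however, as network scale and speed increase, general machine learning algorithms struggle to meet the real-time requirements of intrusion detection, and this is one of the main bottlenecks holding back the practical use of machine learning algorithms in this field. To improve the usability and real-time performance of network intrusion detection systems, an NIDS based on the self-organizing feature map (SOFM) is proposed, and on this basis a fast nearest-neighbor search algorithm, VENNS, aimed at improving intrusion detection efficiency, is implemented to reduce the time cost of system training and system detection. A comprehensive performance evaluation and comparative analysis of the system are carried out on the DARPA 1999 intrusion detection evaluation data. The experiments show that the system achieves a relatively high detection rate while maintaining a relatively low false positive rate, and that system efficiency is greatly improved: the training time cost falls to about 1/4 of that before the improvement, and the detection time cost to about 1/7.
English abstract: Owing to computer attacks becoming more complex, more and more machine learning algorithms are being proposed to solve the problems of intrusion detection. But these algorithms show a wide gap when applied in network intrusion detection systems (NIDS), especially in high-speed networking environments. In this paper, an NIDS based on the self-organizing feature map (SOFM) is proposed. To achieve more efficiency and usability, the vector elimination nearest-neighbor search (VENNS) algorithm is implemented for the NIDS, where the final aim is to reduce the system's computational cost of training and detection. Using the DARPA Intrusion Detection Evaluation Data Set, a performance evaluation and comparison analysis are carried out. It is shown that network attacks are detected with higher detection rates and relatively lower false positive rates. The performance and efficiency of the NIDS are improved greatly: the training time cost and the detection time cost can be shortened by about four times and seven times respectively.
Keywords: intrusion detection; self-organizing feature map; fast nearest-neighbor search; quantization error
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]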