Affiliations: [1] State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093 [2] Department of Computer Science and Technology, Nanjing University, Nanjing 210093
Source: Computer Science (计算机科学), 2007, No. 5, pp. 66-71 and 114 (7 pages)
Funding: National 863 Program (2003AA142010); Jiangsu Province High-Technology Program (BG2004030)
Abstract: Existing machine-learning anomaly intrusion detection algorithms usually learn from the entire historical data set with equal weight. The resulting network behaviour profile therefore depends heavily on historical data and cannot accurately represent the behaviour of current network traffic. At the same time, the high time and space complexity of these algorithms makes it impractical to store and maintain the large volume of packets that arrive continuously at high speed. This paper presents a two-phase anomaly intrusion detection method based on data stream clustering. In the first phase, statistical summaries of the network traffic are generated online; in the second phase, the summaries that best reflect current network behaviour are used to detect intrusions, which reduces the influence of stale historical data. Experimental results show that the two-phase method detects intrusions better than detection over all historical data, resolves the problem of insufficient system resources such as memory, and improves the flexibility and concurrency of the system.
Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]
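The abstract describes the method only at the level of "summarise the stream online, then detect against the summaries that reflect current behaviour". The following is an added illustration of that two-phase scheme, written for this page and not the paper's own code: the clustering algorithm, features, decay rate and thresholds used by the paper are not given here, so the micro-cluster summaries (linear sum, squared sum, decayed count, last update tick), the exponential decay, the radius and weight thresholds, and the flow records are all assumptions. The constructed stream has an early traffic regime, two probe-like flows, a shift to a new regime, and finally one flow shaped like the old regime. Running the same detector with `lam=0` disables decay and reproduces the "learn from all history equally" baseline the abstract argues against.

```python
"""Added illustration of a two-phase, stream-clustering anomaly detector.

Phase 1 maintains a bounded set of micro-clusters (CluStream-style feature
vectors: linear sum, squared sum, decayed count, last update tick), so the
profile fits in fixed memory and tracks *current* traffic. Phase 2 scores each
incoming flow only against clusters that still carry enough recent weight.
Everything here (features, decay rate, thresholds, sample flows) is assumed,
not taken from the paper.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Vec = Tuple[float, ...]


def euclid(a: Vec, b: Vec) -> float:
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


@dataclass
class MicroCluster:
    ls: List[float]   # linear sum of feature values
    ss: List[float]   # sum of squared feature values (kept for radius estimates)
    weight: float     # decayed number of absorbed flows
    last_t: int       # tick of last update; decay is applied lazily from here

    def weight_at(self, t: int, lam: float) -> float:
        return self.weight * math.exp(-lam * (t - self.last_t))

    def centroid(self) -> Vec:
        # ls and weight decay by the same factor, so the centroid needs no decay
        return tuple(v / self.weight for v in self.ls)

    def absorb(self, t: int, x: Vec, lam: float) -> None:
        f = math.exp(-lam * (t - self.last_t))
        self.ls = [f * a + b for a, b in zip(self.ls, x)]
        self.ss = [f * a + b * b for a, b in zip(self.ss, x)]
        self.weight = f * self.weight + 1.0
        self.last_t = t


class StreamDetector:
    def __init__(self, lam: float = 0.05, radius: float = 3.0,
                 min_weight: float = 2.0, max_clusters: int = 16) -> None:
        self.lam, self.radius = lam, radius
        self.min_weight, self.max_clusters = min_weight, max_clusters
        self.clusters: List[MicroCluster] = []

    def observe(self, t: int, x: Vec) -> bool:
        """Return True if flow x at tick t is anomalous, then fold it into the profile."""
        # Phase 2: detect against clusters that still describe current behaviour
        trusted = [c for c in self.clusters
                   if c.weight_at(t, self.lam) >= self.min_weight]
        nearest_trusted = min((euclid(c.centroid(), x) for c in trusted),
                              default=math.inf)
        anomalous = nearest_trusted > self.radius

        # Phase 1: update the bounded micro-cluster summary
        nearest: Optional[MicroCluster] = min(
            self.clusters, key=lambda c: euclid(c.centroid(), x), default=None)
        if nearest is not None and euclid(nearest.centroid(), x) <= self.radius:
            nearest.absorb(t, x, self.lam)
        else:
            self.clusters.append(MicroCluster(list(x), [v * v for v in x], 1.0, t))
            if len(self.clusters) > self.max_clusters:
                # memory bound: drop the cluster with the least current weight
                stalest = min(self.clusters, key=lambda c: c.weight_at(t, self.lam))
                self.clusters.remove(stalest)
        return anomalous


def build_stream() -> List[Tuple[int, str, Vec]]:
    """Constructed flows as (packets, kilobytes); not captured traffic."""
    events = [("old", (10.0 + i % 3, 5.0 + i % 2)) for i in range(100)]
    events[50:50] = [("scan", (1.0, 0.06)), ("scan", (1.0, 0.06))]  # two probe flows
    events += [("new", (40.0 + i % 3, 30.0 + i % 2)) for i in range(100, 200)]
    events.append(("old-like", (11.0, 5.0)))  # late flow shaped like the old regime
    return [(t, label, x) for t, (label, x) in enumerate(events)]


def run(lam: float) -> Tuple[Dict[str, int], int]:
    """Count flagged flows per label and report how many clusters were kept."""
    det = StreamDetector(lam=lam)
    flagged: Dict[str, int] = {}
    for t, label, x in build_stream():
        if det.observe(t, x):
            flagged[label] = flagged.get(label, 0) + 1
    return flagged, len(det.clusters)


if __name__ == "__main__":
    print("decayed profile (lam=0.05):", run(0.05))
    print("all-history profile (lam=0):", run(0.0))
```

With decay, the late "old-like" flow is flagged because the cluster that once described that behaviour has lost its weight; with `lam=0` the same flow is accepted as normal on the strength of 100 stale observations, which is the dependence on history the abstract describes. Two caveats worth noting for any deployment of this pattern: a genuine regime shift produces a short burst of alerts until the new cluster reaches `min_weight`, and a sustained attack is absorbed into a cluster of its own in the same way, so the creation of a new cluster should itself raise an event rather than be treated as harmless profile maintenance.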