基于CBR技术的入侵检测系统研究  被引量:1

Research on Intrusion Detection System Based on CBR Technology

在线阅读下载全文

作  者:黄浙京[1] 刘永军 张建辉[1] 贺磊[1] 

机构地区:[1]信息工程大学国家数字交换系统工程技术研究中心,河南郑州450002 [2]河南省军区,河南郑州450003

出  处:《信息工程大学学报》2011年第3期363-368,共6页Journal of Information Engineering University

基  金:国家863计划资助项目(2009AA01A346)

摘  要:目前,成熟的商用入侵检测系统都是基于特征或者规则的精确匹配,如果攻击模式过于特殊或者攻击者采用一些躲避检测的手段,就容易产生误报或漏报,从而降低入侵检测系统的准确性。针对当前入侵检测系统存在的缺陷,提出了一种基于案例推理技术(Case-Based Reasoning,CBR)的入侵检测系统模型,并在该模型基础上提出了基于Snort的预处理模型以避免推理产生的系统资源过度消耗问题;提出了基于分层结构的案例库维护模型以解决案例质量问题和访问效率问题;设计了一种基于变权值的CBR引擎搜索匹配算法以提高搜索精度。仿真实验证明了上述系统可以有效地解决躲避攻击问题,其检测正确率较传统系统有所改善。At present, mature eommereial intrusion detection systems usually adopt precise matching based on features or rules. If an attack mode is too special or an attacker adopts some evading detection techniques, it will lead to high false positive or false negative, thereby reducing the accuracy of whole system. To solve those problems, this paper proposes an intrusion detection system model based on case-based reasoning, then puts forward the pretreatment model based on snort to avoid the problem of excessive consumption of system resources caused by reasoning, and uses layered struc- ture case base maintenance model to solve the problems of case quality and access speed, designs an improved matching algorithm based on variable weights for CBR engine to improve searching accuracy. Simulation results show that the above system can solve the problem of evading detection successfully and has been improved in detection rate compared with traditional systems.

关 键 词:入侵检测 基于案例的推理 SNORT 案例库构造 案例库维护 k-NN算法 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象