Affiliation: [1] School of Electronic and Information Engineering, Xi'an Jiaotong University, Xi'an 710049
Source: Journal of Xi'an Jiaotong University, 2013, No. 2, pp. 14-19 and 46 (7 pages)
Funding: National Natural Science Foundation of China project (60970121)
Abstract: To address the large alert volume and high false-positive rate of conventional intrusion detection systems (IDS), a network attack detection method based on information entropy is proposed. The method computes the Shannon entropy of five alert attributes (source IP address, destination IP address, source threat level, target threat level, and datagram size), fuses the resulting entropy vector with Rényi entropy to represent the network state, and identifies anomalies by comparing that state with the normal network state. Experiments in both real-attack and synthetic-attack environments show that the method achieves a hit rate above 90% while keeping the false-positive rate below 1%. Compared with attack detection based on the Shannon entropy of individual features, the proposed method is more sensitive to attacks: it detects DoS attacks and host intrusions most readily, then host scans and port scans, and is somewhat less sensitive to worm attacks. The comparative tests show that the method raises the hit rate while also lowering the false-positive rate.
Classification code: TP393 [Automation and Computer Technology: Computer Application Technology]
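To make the detection idea concrete, the following Python sketch is an added illustration, not code from the paper or its authors: it computes the per-window Shannon entropy of the five alert attributes, builds a baseline from known-normal windows, and scores each window by the Rényi divergence between its normalised entropy profile and the baseline's. The windowing, the divergence-based fusion (the abstract only says Rényi entropy is used to fuse the vector), the mean-vector baseline, the threshold, and the alert records are all assumptions made for the demo; the attack windows are constructed to show why a DoS (one destination, many sources) and a host scan (one source, many destinations) collapse some attribute entropies to zero while inflating others.

```python
"""Entropy-based alert-window anomaly scoring (added illustration, not the paper's code).

Assumptions, labelled here because the abstract does not fix them:
  * windows are fixed-size batches of alerts (the paper's windowing is unspecified);
  * the "fusion" is the Rényi divergence of order ALPHA between the normalised
    per-attribute Shannon-entropy vector of a window and that of the baseline;
  * the baseline is the mean entropy vector over known-normal windows;
  * the alert records and the threshold are constructed for the demo.
"""
import math
from collections import Counter

ATTRS = ("src_ip", "dst_ip", "src_threat", "dst_threat", "pkt_len")
ALPHA = 2.0
THRESHOLD = 1.0  # constructed; tune against the false-positive budget in practice


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def entropy_vector(alerts):
    """Per-attribute Shannon entropies of one alert window, in ATTRS order."""
    return [shannon_entropy([a[k] for a in alerts]) for k in ATTRS]


def normalise(vec):
    """Scale a non-negative vector to sum to 1 (uniform if it is all zero)."""
    s = sum(vec)
    if s == 0:
        return [1.0 / len(vec)] * len(vec)
    return [v / s for v in vec]


def renyi_divergence(p, q, alpha=ALPHA):
    """Rényi divergence D_alpha(P||Q) in bits; inf if P has mass where Q has none."""
    acc = 0.0
    for pi, qi in zip(p, q):
        if pi == 0:
            continue
        if qi == 0:
            return math.inf
        acc += pi ** alpha * qi ** (1 - alpha)
    return math.log2(acc) / (alpha - 1)


def baseline_vector(normal_windows):
    """Mean entropy vector over windows known to contain only normal traffic."""
    vecs = [entropy_vector(w) for w in normal_windows]
    return [sum(col) / len(vecs) for col in zip(*vecs)]


def score_window(alerts, baseline):
    """Fused anomaly score: divergence of this window's entropy profile from the baseline."""
    return renyi_divergence(normalise(entropy_vector(alerts)), normalise(baseline))


def is_anomalous(alerts, baseline, threshold=THRESHOLD):
    return score_window(alerts, baseline) > threshold


# ---- constructed sample windows (not real IDS data) ----
def normal_window(offset, n=40):
    """Alerts spread across several hosts, threat levels and datagram sizes."""
    return [{"src_ip": f"10.0.0.{(i + offset) % 8}",
             "dst_ip": f"192.168.1.{(3 * i + offset) % 10}",
             "src_threat": (i + offset) % 3 + 1,
             "dst_threat": i % 4 + 1,
             "pkt_len": 64 + 32 * (i % 5)} for i in range(n)]


def dos_window(n=40):
    """Many (spoofed) sources hammering one target with identical datagrams."""
    return [{"src_ip": f"203.0.113.{i}", "dst_ip": "192.168.1.10",
             "src_threat": 1, "dst_threat": 5, "pkt_len": 1500} for i in range(n)]


def host_scan_window(n=40):
    """One source probing many destinations with identical small probes."""
    return [{"src_ip": "198.51.100.7", "dst_ip": f"192.168.1.{i}",
             "src_threat": 3, "dst_threat": 1, "pkt_len": 40} for i in range(n)]


if __name__ == "__main__":
    base = baseline_vector([normal_window(k) for k in range(3)])
    for name, w in (("normal", normal_window(5)), ("dos", dos_window()),
                    ("host scan", host_scan_window())):
        print(f"{name:10s} score={score_window(w, base):.3f} anomalous={is_anomalous(w, base)}")
```

Because the score is a divergence between normalised entropy profiles rather than a single attribute's entropy, a window is flagged by the shape of its five-entropy vector relative to the baseline; this is also where the caveat lives: if the baseline windows already contain attack traffic, the divergence shrinks and the method degrades into the per-feature Shannon-entropy detector it is compared against.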