利用贝叶斯预测和反向传播神经网络训练snort入侵检测规则方案的研究  

作　　者：马博[1] 慕德俊[1] 袁丁[2] 

机构地区：[1]西北工业大学自动化学院,陕西西安710072 [2]四川师范大学计算机科学与技术学院,四川成都610110

出　　处：《四川师范大学学报（自然科学版）》2013年第6期963-969,共7页Journal of Sichuan Normal University（Natural Science）

基　　金：国家自然科学基金(F020705);国防基础研究基金(B02720110004)资助项目

摘　　要：在网络安全问题中,一种分布式拒绝服务(Distributed deny of services)攻击严重威胁着现有的互联网.针对DDOS攻击基于神经网络算法的防护,因为现有算法收敛性能不高,过滤DDOS攻击包的速度过慢,无法投入大规模商业使用.本文针对这个问题,提出借助SNORT入侵检测平台,利用捕捉的网络数据包进行数据规整化,利用贝叶斯模式对正常数据和异常数据进行初步分离,使得能减少冗余训练数据对神经网络的输入,之后利用改进的反向传播神经网络进行前期数据训练,使训练产生的数据对检测模型进行优化,并且自动生成防御规则.其优势在于:1)在linux系统上实现部分改进,使得现有包过滤效率增强,在攻击目标端生效之前可进行攻击拒绝;2)使用贝叶斯模型减少重复数据和不必要数据的输入,改进的神经网络算法使得训练收敛速度加快,方便规则的重新制定学习,以防新攻击.实验表明,本文方案在一定程度上提高了原有基于神经网络防护DDOS攻击的处理速度,也能够防护若干未知DDOS攻击,训练算法的收敛速度也得到进一步提升,并且该方案能在软件层面上提升自适应抗DDOS软件的性能.tn the network security issues,a attack of distributed denial of service （Distributed Deny of service） is a serious threat to the existing Intemet.One of the protection methods based on neural network algorithm,has the disadvantage of poor algorithms convergence,leading to a low filftering rate for the packet with DDOS attack is slow.This paper is designed to raise corresponding solutions to solve the problem which is based on the SNOR Iutrusion detection system plafform.After regularizing data with the network data package captured,the normal data and the abnormal data can be separated ronghly from each other with the help of Bayesian models,so that the redundant input of training data into neural network can be diminished.Once the figures are valid,the program executes pre-trainings for date by using improved Backward Propagation Neuron Network in order to promote the testing models and create defensive rules automatically.The main advantages of this system as follows：having improved the LINUX system,enhancing the filtering productivity of the present packet and refusing attacks before the target ends becoming effective; the use of Bayesian models reduces the repeated or unnecessary data input.Also,the improved neural network algorithms accelerate the convergence speed,more over they enable to re-enact the rules and learning and prevent new attacks,therefore,it makes the reconstruction and learning of rules convenient,which prevents new attacks.Experiments show that the program enhances the processing speed of defensing DDOS attacks based on previous neural net defense network,guards against unknown DDOS attacks and promotes the convergence speed of training algorithm,and the program at the software level to enhance adaptive of defend with DDOS software performance.

关 键 词：分布式拒绝服务攻击(DDOS) 贝叶斯模式(Beyes) 反向误差传播神经网络 数据训练 入侵检测系统(IDS) 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]