TCP/IP审计数据缩减技术在入侵检测中的可行性研究

田俊峰; 王惠然; 傅玥

doi:10.3724/SP.J.1146.2005.01632

TCP/IP审计数据缩减技术在入侵检测中的可行性研究

doi: 10.3724/SP.J.1146.2005.01632

基金项目:

河北省自然科学基金(F2004000133)资助课题

计量
- 文章访问数: 2989
- HTML全文浏览量: 80
- PDF下载量: 1026
- 被引次数: 0
出版历程
- 收稿日期: 2005-12-16
- 修回日期: 2007-05-21
- 刊出日期: 2007-09-19

Research on the Feasibility of TCP/IP Feature Reduction for Intrusion Detection

摘要

摘要: 目前的一些入侵检测系统是利用网络层的TCP/IP数据包里的特征进行分析建模，但TCP/IP的特征属性对检测过程的贡献不同，因而如果能够在不影响检测准确性的前提下，适当缩减特征属性的数量，那么对于提高IDS的检测率和实时性势必产生有益的影响，鉴于此该文提出基于决策树的规则统计方法(DTRS)来缩减TCP/IP的特征属性。它的基本思想是通过在n个子数据集上建立n棵决策树，提取其中的规则，根据特征属性使用频度的不同，计算出相对重要的属性，并通过实验验证了其可行性和有效性。
- 入侵检测;特征缩减;决策树
Abstract: At present some Intrusion Detection Systems (IDS) use the features of TCP/IP data packets for analysis and modeling, but due to the different contribution of TCP/IP features to the detecting process a favorable impact may be made on the promotion of IDSs detecting rate and real time if the quantity of properties can be reduced properly without affecting the precision of detection. Therefore, a Decision Tree Rule-based Statistical method (DTRS) in light of this is presented to reduce TCP/IP features. Its primary concept is to create n decision trees in n data subsets, extract the rules, work out the relatively important features in accordance with the frequency of use of different features and verify its feasibility and effectiveness through tests.

HTML全文

参考文献(1)

郑军，胡铭曾，云晓春，张宏丽. 基于SOFM和快速最近邻搜索的网络入侵检测系统与攻击分析. 计算机研究与发展， 2005-9, 42(9): 1578-1586. Zheng Jun, Hu Ming-zeng, Yun Xiao-chun, and Zhang Hong-li. Network intrusion detection and attack analysis based on SOFM with fast nearest-neighbor search. Computer Research and Development, 2005, 42(9): 1578-1586.[2]Bierman E, Cloete E, and Venter L M. A comparison of intrusion detection systems[J].Computers Security.2001, 20(8):676-683[3]Lee W, Miller M, Stolfo S, Jallad K, Park C, Zadok E, and Prabhakar V. Toward cost-sensitive modeling for intrusion detection. Technical Report CUCS-002-00, Computer Science, Columbia University, 2000.[4]Mukkamala S and Sung A H. Identifying significant features for network forensic analysis using artificial intelligent techniques. International Journal of Digital Evidence, 2003, 1(4): 1-17.[5]Srilatha Chebrolu, Ajith Abraham, and Johnson P. Thomas[J].Feature deduction and ensemble design of intrusion detection system. Computer Security.2005, 24(4):295-307[6]邹涛，孙宏伟，田新广，李学春. 入侵检测系统中两种审计数据缩减技术的比较与分析.计算机应用，2003, 23(7): 13-17. Zou Tao, Sun Hong-wei, Tian Xin-guang, and Li Xue-chun. Comparison and analysis of two audit data reduction methods for intrusion setection system. Computer Applications, 2006, 23(7): 13-17.[7]Lippmann R, Haines J W, Fried D J, Korba J, and Das K. The 1999 DARPA off-line intrusion detection evaluation[J].Computer Networks.2000, 34(4):579-595

施引文献

资源附件(0)

访问统计