Similar literature
 Found 20 similar documents; search took 31 ms
1.
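To address problems in support vector machine theory, such as the large number of training samples required and the need to satisfy Mercer's condition, a network intrusion detection method based on the relevance vector machine (RVM) is proposed. First, the "feature removal" method is used to rank the 41 features in the KDD99 dataset, identifying the important and unimportant features for each intrusion type; then only the important features are selected for matching. The results show that, compared with an intrusion detection model based on the support vector machine (SVM), this method achieves a higher detection rate and a lower false alarm rate.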

2.
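Research on the application of cluster analysis in intrusion detection systems   Total citations: 7, self-citations: 3, citations by others: 4
Intrusion detection systems are an important part of computer network security. By analyzing two intrusion detection models, this paper proposes an unsupervised anomaly detection method based on cluster analysis and carries out corresponding experiments on the KDD99 Cup dataset. The experimental results show that this method has relatively high detection performance.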

3.
In recent years, the utilization of machine learning and data mining techniques for intrusion detection has received great attention by both security research communities and intrusion detection system (IDS) developers. In intrusion detection, the most important constraints are the imbalanced class distribution, the scarcity of the labeled data, and the massive amounts of network flows. Moreover, because of the dynamic nature of the network flows, applying static learned models degrades the detection performance significantly over time. In this article, we propose a new semi‐supervised stream classification method for intrusion detection, which is capable of incremental updating using limited labeled data. The proposed method, called the incremental semi‐supervised flow network‐based IDS (ISF‐NIDS), relies on an incremental mixed‐data clustering, a new supervised cluster adjustment method, and an instance‐based learning. The ISF‐NIDS operates in real time and learns new intrusions quickly using limited storage and processing power. The experimental results on the KDD99, Moore, and Sperotto benchmark datasets indicate the superiority of the proposed method compared with the existing state‐of‐the‐art incremental IDSs.

4.
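Research on network intrusion detection based on clustering learning algorithms   Total citations: 1, self-citations: 1, citations by others: 0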
谢卓 《现代电子技术》2012,35(2):91-93,99
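Current intrusion detection systems generalize poorly when little prior knowledge is available. Applying clustering algorithms in an intrusion detection system allows it to retain good generalization ability even with little prior knowledge. The paper first introduces the development of intrusion detection research and clustering algorithms; it then proposes an intrusion detection method based on a clustering algorithm; next, taking KDD99, a commonly used intrusion detection dataset, as an example, it discusses how the method works; finally, it analyzes the computer simulation results. Experiments and comparisons show that an intrusion detection system based on a clustering learning algorithm can fairly effectively detect unknown intrusions in real network data.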

5.
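This paper introduces the concept of Petri-net-based intrusion detection systems and points out that the main difficulty facing this approach is the combinatorial explosion of states. It therefore proposes an optimization algorithm that reduces useless states by composing the intrusion-pattern Petri net with the application-constraint Petri net.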

6.
The goal of this paper is to develop, deploy, test, and evaluate a lightweight portable intrusion detection system (LPIDS) over wireless networks by adopting two different string matching algorithms: Aho‐Corasick algorithm and Knuth‐Morris‐Pratt algorithm (KMP). Thus, this research contributes in three ways. First, an efficient and lightweight IDS (LPIDS) is proposed. Second, the LPIDS was developed, implemented, tested, and evaluated using Aho‐Corasick and KMP on two different hardware platforms: Wi‐Fi Pineapple and Raspberry Pi. Third, a comparative analysis of proposed LPIDS is done in terms of network metrics such as throughput, power consumption, and response time with regard to their counterparts. Additionally, the proposed LPIDS is suggested for consultants while performing security audits. The experimental results reveal that Aho‐Corasick performs better than KMP throughout the majority of the process, but KMP is typically faster in the beginning with fewer rules. Similarly, Raspberry Pi shows remarkably higher performance than Wi‐Fi Pineapple in all of the measurements. Moreover, we compared the throughput between LPIDS and Snort; it is observed and analyzed that the former has significantly higher throughput than the latter when most of the rules do not include content parameters. This paper concludes that due to computational complexity and slow hardware processing capabilities of Wi‐Fi Pineapple, it could not become suitable IDS in the presence of different pattern matching strategies. Finally, we propose modification of Snort to increase the throughput of the system.

7.
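Application of an improved genetic algorithm in intrusion detection systems   Total citations: 1, self-citations: 0, citations by others: 1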
徐烨  薛质 《信息技术》2005,29(12):48-50
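On an Internet where information security problems are increasingly prominent, intrusion detection technology, with its active-defense character, is receiving ever wider attention and use. The genetic algorithm, as an artificial intelligence algorithm, can effectively solve the machine learning problems present in traditional detection techniques. The improved genetic algorithm designed here can solve problems of the traditional genetic algorithm such as overly fast convergence, making the intrusion detection system more efficient and accurate.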

8.
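Feature selection in intrusion detection systems is a combinatorial optimization problem. To perform feature selection effectively, an immune algorithm incorporating evolutionary ideas is proposed. The immune memory unit in the algorithm ensures fast convergence to the global optimum, while the uniform crossover operation reflects the evolutionary idea. An intrusion detection system model based on neural networks is proposed; the model supports multi-class classification and is easy to update so that it adapts quickly to new types of intrusion. Experiments on KDDCUP'99 show that the algorithm is effective.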

9.

The swift proliferation in traffic across computer networks has led to certain types of attacks and intrusions, raising a serious global concern of information security. Attack detection is possible by monitoring and observing occurrences in intrusion detection systems, however these systems tend to suffer from problem of curse of dimensionality, high false alarm rate, high time complexity and low detections. In order to overcome these limitations, we propose a feature reduced intrusion detection system employing optimized SVM as a classifier. Feature Reduction has been performed by fusing ranked features from information gain and chi square in a way that it has helped in retaining only important features and discarding the rest. The study further proposes an optimized version of SVM classifier using Big Bang Big Crunch (BBBC) optimization that simulates the big bang and big crunch theory of evolution of universe. BBBC has helped in finding an optimal set of SVM parameters quickly that are further used for classification. We also experimented with a number of fitness functions for gauging the performance of IDS and propose a new fitness function based on the weighted F1 score of various traffic classes. KDD-99 dataset has been used for experimentation and analysis. The paper further experiments the effects of under-sampling and oversampling of various traffic classes on the proposed IDS performance and recommends that maintaining a desired ratio for a mix of under-sampling and over-sampling of desired classes produces the best results.


10.
Hosseini  Soodeh 《Wireless Networks》2020,26(6):4149-4162

Advances in computer networks led to the generation of much data that computer networks must be capable of transmitting. The security of this volume of data is a major challenge for companies. Intrusion detection systems is one of the solutions that researchers introduced for this challenge. This research aims to introduce a new machine learning model for intrusion detection. The proposed model includes two stages of feature selection and attack identification. The feature selection stage uses genetic algorithm and logistic regression algorithm to find a correlated subset of features. In the attack detection phase, the ANN algorithm is used. ANN is trained by particle optimization (PSO) and gravitational search (GS) algorithms. To evaluate the proposed model, two sets of NSL-KDD and KDD Cup'99 are used and results are compared with ANN based on gradient descent (GD-ANN) and decision tree, ANN based on genetic algorithm (GA-ANN) methods, ANN based on GSPSO (GSPSO-ANN), ANN based on PSO (PSO-ANN) and ANN based on GS (GS-ANN) indicate the superiority of the proposed method.


11.
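Existing intrusion detection algorithms generalize poorly with small samples. A method that combines kernel principal component analysis with support vector machines for intrusion detection is proposed. Compared with traditional algorithms, the method has a very high detection rate for anomalous network connections, stronger generalization ability, and faster processing time. Finally, experiments on the KDD CUP99 dataset demonstrate the applicability and efficiency of the method.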

12.
Intrusion detection systems (IDSs) have an important effect on system defense and security. Recently, most IDS methods have used transformed features, selected features, or original features. Both feature transformation and feature selection have their advantages. Neighborhood component analysis feature transformation and genetic feature selection (NCAGAFS) is proposed in this research. NCAGAFS is based on soft computing and data mining and uses the advantages of both transformation and selection. This method transforms features via neighborhood component analysis and chooses the best features with a classifier based on a genetic feature selection method. This novel approach is verified using the KDD Cup99 dataset, demonstrating higher performances than other well‐known methods under various classifiers have demonstrated.

13.
Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. Intrusion is an unauthorized activity in a network, which is achieved by either active manner (information gathering) or passive manner (harmful packet forwarding). Most of the existing intrusion detection system (IDS) suffers from the following issues: it is usually adjusted to detect known service level network attacks and leaves from vulnerable to original and novel malicious attacks. Thus, it provides low accuracy and detection rate, which are the important problems of existing IDS. To overwhelm these drawbacks, an ontology‐based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect the network attacks with the help of multiple detection agents. In this analysis, there are 3 different types of agents, ie, IDS broker, deputy commander, and response agent, which are used to prevent and detect the attacks in a network. The novel concept of this work is based on the concept of signature matching; it identifies and detects the attackers with the help of multiple agents.

14.
1 Introduction  With the rapid development of Internet, network security has gotten the increasing focus of government, enterprise, even the individuals. But with the continuously spread of network application, attacks and destroys aiming at it increase steadily also. Intrusion detection is a kind of network security technique to detect any damage or attempt to tamper the secrecy, integrality and usability of system. Intrusion Detection System (IDS) is an automated system for t…

15.
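Based on the practical needs of intrusion detection, an integrated artificial immune system (IAIS) is proposed. The system combines the dendritic cell algorithm (DCA) and the negative selection algorithm (NSA): DCA is used to detect behavioral features and NSA to detect structural features. The system is validated through experiments on the KDD99 dataset and compared with other methods. The experimental results show that the detection performance of IAIS is comparable to that of classical classification algorithms. IAIS does not depend on explicitly labeled data to train its detectors and can combine behavioral and structural features for real-time intrusion detection.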

16.
张念丽 《信息技术》2006,30(12):128-130
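The paper describes the characteristics of wireless Ad Hoc networks and the security problems they face, analyzes the suitability of mobile agents for Ad Hoc network intrusion detection systems, and presents a mobile-agent-based intrusion detection system model for wireless Ad Hoc networks.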

17.
崔远  杨波  葛宁 《电子科技》2006,(12):45-48
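After introducing the ART-2 neural network and the principles of intrusion detection, the paper points out the feasibility of using the ART-2 neural network as the detection algorithm of an intrusion detection system. The algorithm is simulated in Matlab using the KDD CUP-99 dataset. Experiments show that this intrusion detection algorithm can achieve a high detection rate and a low false detection rate.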

18.
Security is the major concern in the world of Internet. Traditionally, encryption, firewall, and other security countermeasures are used to secure the data. However, in the modern era of technology, the Intrusion Detection System (IDS) plays a major role in the field of security to detect the attack type. IDS are tuned in such a way that it learns from historical network traffic data and detects normal as well as abnormal event connection from the monitored system. Nevertheless, due to the huge size of historical data, this system can suffer from issues like accuracy, false alarms and execution time. In this paper, a new abridging algorithm is proposed, which is able to vertically reduce the size of network traffic dataset without affecting its statistical characteristics. In the literature, vertical data reduction i.e. features selection techniques are always used to reduce dataset, but this paper evaluates the effect of vertical reduction, which has not been examined significantly. Apart from abridging of vertical instances, Infinite Feature Selection technique is used to extract the relevant features from the dataset and Support Vector Machine classifier is used to classify normal and anomalous instances. The performance of the proposed system is evaluated on different datasets like NSL‐KDD and Kyoto University benchmark dataset using various parameters like accuracy, the number of instances reduced, recall, precision, f1‐score, t‐value and execution time.

19.
Cyber security has been thrust into the limelight in the modern technological era because of an array of attacks often bypassing untrained intrusion detection systems (IDSs). Therefore, greater attention has been directed on being able to decipher better methods for identifying attack types to train IDSs more effectively. Key cyber-attack insights exist in big data; however, an efficient approach is required to determine strong attack types to train IDSs to become more effective in key areas. Despite the rising growth in IDS research, there is a lack of studies involving big data visualization, which is key. The KDD99 data set has served as a strong benchmark since 1999; therefore, we utilized this data set in our experiment. In this study, we utilized hash algorithm, a weight table, and sampling method to deal with the inherent problems caused by analyzing big data; volume, variety, and velocity. By utilizing a visualization algorithm, we were able to gain insights into the KDD99 data set with a clear identification of “normal” clusters and described distinct clusters of effective attacks.

20.
JeongWoo Jwa 《ETRI Journal》2012,34(1):98-101
The directional medium access control (MAC) protocol improves the throughput of mobile ad hoc networks but has a deafness problem and requires location information for neighboring nodes. In the dual‐channel directional MAC protocol [12], the use of omnidirectional packets does not require the exact location of destination node. In this letter, we propose a tone dual‐channel MAC protocol with directional antennas to improve the throughput of mobile ad hoc networks. In the proposed MAC protocol, we use a directional CTS and an out‐of‐band directional DATA tone with a new blocking algorithm to improve the spatial reuse. We confirm the throughput performance of the proposed MAC protocol by computer simulations using the Qualnet simulator.
