| 基于ARMA模型的CFAR网络入侵检测方法研究 |
| |
| 引用本文: | 韦红军,何迪,石伟锋,吴永明.基于ARMA模型的CFAR网络入侵检测方法研究[J].信息技术,2007,31(5):14-16,21. |
| |
| 作者姓名: | 韦红军 何迪 石伟锋 吴永明 |
| |
| 作者单位: | 上海交通大学电子工程系,上海,200240 |
| |
| 基金项目: | 教育部留学回国人员科研启动基金 |
| |
| 摘 要: | 提出了一种基于ARMA网络流量模型的CFAR入侵检测系统。采用ARMA模型对网络流量进行预测,并运用雷达信号处理中的恒误警CFAR技术,选取检测阀值以判定是否存在入侵信号。利用林肯实验室DARPA数据对系统进行试验,结果表明,此方法与AR预测模型相比,具有更高的检测率和更低的误警率。
|
| 关 键 词: | 入侵检测 ARMA模型 恒误警率(CFAR) AR模型 |
| 文章编号: | 1009-2552(2007)05-0014-03 |
| 修稿时间: | 2006-10-09 |
CFAR intrusion detection method based on ARMA model |
| |
| WEI Hong-jun,HE Di,SHI Wei-feng,WU Yong-ming.CFAR intrusion detection method based on ARMA model[J].Information Technology,2007,31(5):14-16,21. |
| |
| Authors: | WEI Hong-jun HE Di SHI Wei-feng WU Yong-ming |
| |
| Affiliation: | Department of Electronic Engineering, Shanghai Jiaotong University, Shanghai 200240,China |
| |
| Abstract: | A constant false alarm rate(CFAR) intrusion detection method based on autoregressive moving average(ARMA) model is proposed in this paper.The network flow can be predicted by using the ARMA model,and an appropriate detection threshold is chosen through the CFAR in radar signal processing,which can decide whether an intrusion signal exists or not.According to the simulations based on the DARPA datasets of Lincoln Lab and the comparisons with the intrusion detection system(IDS) based on autoregressive(AR) model,the results show that the detective probability is higher and the false alarm rate is lower by using this proposed method. |
| |
| Keywords: | intrusion detection ARMA model constant false alarm rate AR model |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
