
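Network-based anomaly intrusion detection with numeric-and-nominal mixed data
Cite this article: Long-zheng Cai, Sheng-sheng Yu, Xiao-feng Wang, Jing-li Zhou. Network-based anomaly intrusion detection with numeric-and-nominal mixed data[J]. Journal of Shanghai University (English Edition), 2006, 10(5): 415-420.
Authors: Long-zheng Cai, Sheng-sheng Yu, Xiao-feng Wang, Jing-li Zhou
Institution: Huazhong University of Science and Technology
Abstract: 1 Introduction. Intrusion detection systems (IDS) can be categorized into two types by their detection algorithms: misuse detection and anomaly detection. Misuse detection defines known attack signatures (using expert knowledge), and tries to find the ones that ma…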

Keywords: anomaly detection, intrusion detection, network security, data security
Article ID: 1007-6417(2006)05-0415-06
Received: 2005-03-14
Revised: 2006-03-10

Network-based anomaly intrusion detection with numeric-and-nominal mixed data
Long-zheng Cai (Ph.D. Candidate), Sheng-sheng Yu, Xiao-feng Wang, Jing-li Zhou. Network-based anomaly intrusion detection with numeric-and-nominal mixed data[J]. Journal of Shanghai University (English Edition), 2006, 10(5): 415-420.
Authors: Long-zheng Cai (Ph.D. Candidate), Sheng-sheng Yu, Xiao-feng Wang, Jing-li Zhou
Institution:(1) School of Computer Science and Technology, Huazhong University of Science and Technology, 430074 Wuhan, P.R. China
Abstract: Anomaly detection is a key element of intrusion detection systems and a necessary complement of widely used misuse intrusion detection systems. Data sources used by network intrusion detection, like network packets or connections, often contain both numeric and nominal features. Both of these features contain important information for intrusion detection. These two features, on the other hand, have different characteristics. This paper presents a new network-based anomaly intrusion detection approach that works well by building profiles for numeric and nominal features in different ways. During training, for each numeric feature, a normal profile is built through statistical distribution inference and parameter estimation, while for each nominal feature, a normal profile is set up through a statistical method. These profiles are used as detection models during testing to judge whether a data item being tested is benign or malicious. Experiments with the data set of the 1999 DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluation show that this approach can detect attacks effectively.
Keywords:anomaly detection  intrusion detection  network security  
This article is indexed in CNKI, VIP, Wanfang Data, SpringerLink and other databases.