A Design and Simulation of Adaptive Intrusion Detection System Based on Data Mining
Abstract: Today's rule-matching detection cannot keep pace with the speed at which networks and systems are updated, and it is easily defeated by unknown attacks. To address this problem, this paper implements intrusion detection through an adaptive strategy. The method first selects a detection strategy from the description of the system environment and a security value. When the security value is less than or equal to the safety threshold, an intrusion detection method based on spectral clustering is used: it applies a graph-theoretic partitioning that makes the sum of edge weights within each subgraph (the same class) as large as possible and the sum of edge weights between different subgraphs (different classes) as small as possible, and, relying on the fact that normal behaviours far outnumber abnormal ones, it partitions the data into normal and abnormal behaviour libraries. When the security value is greater than the safety threshold, an isolation forest detection method is used, which finds the data that do not conform to the pattern followed by most of the data, and thereby identifies anomalies to achieve detection. Experiments show that the method reduces the false alarm rate and improves efficiency.
Citation: Su Xin, Shi Tingjun. A Design and Simulation of Adaptive Intrusion Detection System Based on Data Mining [J]. Computer Science and Application, 2018, 8(5): 829-839. https://doi.org/10.12677/CSA.2018.85092
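As an added illustration of the two-branch scheme the abstract describes (this is not code from the paper), the following pure-Python sketch selects spectral clustering when an assumed security value is at or below a safety threshold and an isolation forest above it, and runs both on a constructed sample of connection feature vectors. The function names, the numeric thresholds, the Gaussian similarity graph, the sign-of-Fiedler-vector bisection and the "smaller cluster is abnormal" rule are assumptions that fill in details the abstract does not give.

```python
"""Added illustration (not the paper's code): the two-branch adaptive
selection described in the abstract, with a tiny pure-Python spectral
bisection and isolation forest. All data and parameter values below
are constructed assumptions."""
import math
import random

# Constructed sample: 12 "normal" connection feature vectors forming a
# tight cluster and 2 far-away outliers standing in for attack records.
NORMAL = [(1.0 + 0.1 * i, 1.0 - 0.05 * i) for i in range(12)]
ANOMALIES = [(9.0, 9.2), (8.7, 9.5)]
SAMPLE = NORMAL + ANOMALIES


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def spectral_partition(points, sigma=1.0, iters=1000):
    """Branch for security value <= safety threshold: 2-way spectral
    clustering. Builds a Gaussian similarity graph, then finds the Fiedler
    vector of the Laplacian L = D - W by power iteration on M = cI - L with
    the constant eigenvector deflated. Splitting on the sign of that vector
    keeps intra-subgraph weight high and inter-subgraph weight low; the
    smaller side is taken as abnormal because normal records dominate."""
    n = len(points)
    W = [[0.0 if i == j else math.exp(-sq_dist(p, q) / (2 * sigma * sigma))
          for j, q in enumerate(points)] for i, p in enumerate(points)]
    deg = [sum(row) for row in W]
    c = 2 * max(deg) + 1                      # shift so every eigenvalue of M is positive
    v = [math.sin(i + 1) for i in range(n)]   # deterministic start vector
    for _ in range(iters):
        mean = sum(v) / n
        v = [x - mean for x in v]             # remove the all-ones component
        v = [c * v[i] - deg[i] * v[i] + sum(W[i][j] * v[j] for j in range(n))
             for i in range(n)]               # v <- (cI - L) v
        norm = math.sqrt(sum(x * x for x in v)) or 1.0
        v = [x / norm for x in v]
    pos = {i for i in range(n) if v[i] > 0}
    neg = set(range(n)) - pos
    return neg if len(neg) < len(pos) else pos


def _c(n):
    """Average path length of an unsuccessful BST search (Liu et al.)."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n


def _itree(data, depth, max_depth, rng):
    """Grow one isolation tree by random axis-aligned splits."""
    if depth >= max_depth or len(data) <= 1:
        return ("leaf", len(data))
    dim = rng.randrange(len(data[0]))
    lo, hi = min(p[dim] for p in data), max(p[dim] for p in data)
    if lo == hi:
        return ("leaf", len(data))
    split = rng.uniform(lo, hi)
    left = [p for p in data if p[dim] < split]
    right = [p for p in data if p[dim] >= split]
    return ("node", dim, split,
            _itree(left, depth + 1, max_depth, rng),
            _itree(right, depth + 1, max_depth, rng))


def _path_length(tree, p, depth=0):
    if tree[0] == "leaf":
        return depth + _c(tree[1])
    _, dim, split, left, right = tree
    return _path_length(left if p[dim] < split else right, p, depth + 1)


def isolation_forest_scores(points, n_trees=100, seed=7):
    """Branch for security value > safety threshold: anomaly score in (0, 1)
    per point; outliers are isolated in few splits and score close to 1.
    Each tree is grown on the full (tiny) data set here; the original
    algorithm subsamples instead."""
    rng = random.Random(seed)
    psi = len(points)
    max_depth = math.ceil(math.log2(psi))
    trees = [_itree(rng.sample(points, psi), 0, max_depth, rng)
             for _ in range(n_trees)]
    norm = _c(psi) or 1.0
    return [2 ** (-(sum(_path_length(t, p) for t in trees) / n_trees) / norm)
            for p in points]


def adaptive_detect(points, security_value, safety_threshold=0.5,
                    score_threshold=0.6):
    """Strategy selection from the abstract. `security_value` stands in for
    the environment/security assessment the paper derives; the numeric
    thresholds are assumed values. Returns (strategy, flagged indices)."""
    if security_value <= safety_threshold:
        return "spectral_clustering", spectral_partition(points)
    scores = isolation_forest_scores(points)
    return "isolation_forest", {i for i, s in enumerate(scores) if s > score_threshold}


if __name__ == "__main__":
    for sv in (0.3, 0.9):
        print(sv, adaptive_detect(SAMPLE, sv))
```

On this constructed sample both branches flag the same two outliers; the point of the sketch is the selection logic and the two different mechanisms behind it: the spectral branch needs the whole similarity graph and exploits the imbalance between normal and abnormal records, while the isolation forest needs no pairwise similarities and scores each record on how few random splits isolate it.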
