Classifying fusion intrusion detection method based on novel discovery and window function
An intrusion detection and window function technology, applied in the field of network security, can solve the problems of insufficient detection rate, high computational complexity and unsuitable intrusion detection, etc., to achieve the effect of improving performance, high detection rate, and low computational complexity
Inactive Publication Date: 2009-12-02
探知图灵科技(西安)有限公司
View PDF0 Cites 10 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0008] There are many existing anomaly-based intrusion detection methods, such as neural network methods, support vector machine classification methods, etc. Among them, the support vector machine classification method has insufficient detection rate, high computational complexity and is not suitable for complex intrusion detection, etc. question
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0032] refer to figure 1 , the implementation process of the present invention is as follows:
[0033] Step 1: Collect a host network behavior data set, and process the data set to obtain a feature vector.
[0034] While the host transmits a sequence of network packets between two IP addresses, it collects the network behavior of the host over a period of time to obtain a data set describing the network behavior, and maps and normalizes the data set to obtain features vector.
[0035] Here we take the KDD CUP1999 dataset as an example. Example [1] describes the data record of a network behavior that refuses to attack the server in the dataset; Example [2] describes the data record of the attack behavior against the HTTP server. These data records are described as a network behavior containing 38 persistent variables and 3 symbolic variables and the last bit label reflecting intrusion or normal network behavior, each bit in the data record represents a different meaning, such...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a classifying fusion intrusion detection method based on novel discovery and a window function, which mainly solves the problems of low detection rate and high complexity of the prior support vector machine classifying method. The method is realized by the following steps: (1) acquiring data sets of mainframe network behaviors, and processing the data sets to obtain a characteristic vector; (2) selecting normal data sets of non-intrusion behaviors as training sample sets, and training to generate a first classifier; (3) acquiring data sets again, calculating a decision function f, and converting the decision function f into a probability estimation form; (4) training a second classifier by a PARZEN window function method; (5) performing probability density distribution estimation on the data sets in step 3, and setting a probability density threshold according to a Bayesian decision; (6) performing weighted fusion on output results of the first classifier and the second classifier; and (7) performing early warning or repeating the step (3) on the network behaviors according to a result y(x) of the weighted fusion. The classifying fusion intrusion detection method has the advantages of high detection rate and low false alarm rate, and is suitable for network intrusion detection.
Description
technical field [0001] The invention belongs to the technical field of network security, and in particular relates to an intrusion detection method, which can be used for detecting abnormal intrusion behavior of a network. Background technique [0002] Intrusion Detection System (IDS) is a network security device that conducts real-time monitoring of network transmissions and issues alerts or takes proactive measures when suspicious transmissions are found. What sets it apart from other network security devices is that IDS is a proactive security device. [0003] Intrusion detection system IDS is divided into several categories according to different information sources and detection methods. According to the information source, it can be divided into host-based IDS and network-based IDS, and according to the detection method, it can be divided into abnormal intrusion detection and abuse intrusion detection. Unlike firewalls, IDS is a monitoring device that is not connecte...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/36
Inventor 刘芳公茂果高宜楠焦李成马文萍张康王爽侯彪周伟达
Owner 探知图灵科技(西安)有限公司