Intelligent NIPS (Network Intrusion Prevention System) framework for quantifying neural network based on mobile agent (MA) and learning vector

Abstract

The invention discloses an intelligent NIPS (Network Intrusion Prevention System) framework for quantifying a neural network based on a mobile agent (MA) and a learning vector. The NIPS framework comprises a data preprocessing unit, a construction classifier unit, an expert system unit and a knowledge base, wherein the data preprocessing unit is used for collecting network data streams and selecting an input sample and a test sample for the neural network from the collected network data streams; the construction classifier unit is used for making use of an input and learning sample MA-LVQ (Mobile Agent-Learning Vector Quantization) neural network classifier and performing class test to form a knowledge base; the expert system unit is used for interacting with the knowledge base according to a known security policy to compare and classify actions provided by the data streams and action descriptions in the knowledge base so as to determine an output result; and the knowledge base comprises a normal action description and an abnormal action description and is updated by interacting through the expert system unit. By adopting the NIPS framework, a better classifying effect can be achieved by a linear network, and the stronger limit on linear separability of data required by the linear network can be avoided effectively under the action of a competition layer; and the NIPS framework is more practicable and extensive.

Description

technical field [0001] The invention relates to the technical field of computer network information security, in particular to the key technology applied to the computer network security defense system NIPS, which can effectively solve the problems of network security missed detection and high false alarm rate, and further improve network detection, identification and blocking decision-making Accuracy and overall smart defense performance. Background technique [0002] The traditional firewall generally used today is a passive static access control system, which only detects external network information (not internal network detection) according to the security policy, so that it can only protect the internal network from illegal access and attacks from the outside world. The Intrusion Detection System (IDS) mainly analyzes, monitors, detects and identifies unauthorized or abnormal phenomena in the system through network data packet event behavior. The focus is on network m...

AI Technical Summary

Problems solved by technology

The focus is on network monitoring and auditing and tracking. When abnormalities are found, only reporting cannot prevent them, and can only be protected by linkage with security devices such as firewalls

At present, there are serious defects: first, poor dynamic linkage and poor intelligence; second, network defects. Using switches instead of HUBs that can share monitoring will cause trouble for IDS network monitoring, and ca...

Images