J4  2009, Vol. 43 Issue (6): 987-993    DOI: 10.3785/j.issn.1008-973X.2009.
Computer Technology and Automation Technology
Multi-agent based hybrid intrusion detection system
ZHANG Bao-jun1, PAN Xue-zeng1, WANG Jie-bing2, PING Ling-di1
(1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China;
2. Hifn (Hangzhou) Information Technology Co., Ltd., Hangzhou 310012, China)
Abstract:

Real-time intrusion detection in current network environments faces two problems. First, networks are large in scale and a great deal of information must be processed, so the intrusion detection system (IDS) needs high throughput. Second, the network environment is complex and the data types are diverse, so the IDS needs high accuracy. To address these problems, a model of an intrusion detection system is proposed. The model is built on a distributed multi-agent architecture, adapts to changes in network scale and bandwidth, and scales well. It combines anomaly detection and misuse detection, giving a low false alarm rate and a low missed alarm rate. Multi-attribute feature extraction captures the characteristics of intrusion behaviour precisely and provides a strong basis for identifying intrusions. The classifier is constructed with radial basis functions (RBF), which gives it strong generalization ability and lets it judge unknown intrusions accurately, further improving detection accuracy. Experimental results show that the system has high throughput and high accuracy, making it suitable for current high-speed, complex networks and practical to deploy.

Key words: intrusion detection; support vector machine; feature extraction; multi-agent system; classifier
Publication date: 2009-07-01
Classification code: TP309
Funding:

Key Project of the Zhejiang Provincial Science and Technology Plan (2006C11105); Zhejiang Provincial Major Special Key Projects (2007C11068, 2007C11088); Key Project of the National High-Tech Research and Development Program of China (863 Program) (2006AA01Z431).

Corresponding author: PAN Xue-zeng, male, professor, doctoral supervisor. E-mail: xzpan@cs.zju.edu.cn
About the first author: ZHANG Bao-jun (born 1977), male, from Jingshan, Hubei; PhD candidate, researching computer system architecture and network security.
Cite this article:

ZHANG Bao-jun, PAN Xue-zeng, WANG Jie-bing, et al. Multi-agent based hybrid intrusion detection system [J]. J4, 2009, 43(6): 987-993.

Link to this article:

http://www.zjujournals.com/xueshu/eng/CN/10.3785/j.issn.1008-973X.2009.        http://www.zjujournals.com/xueshu/eng/CN/Y2009/V43/I6/987
