| 基于增量式犌犎犛犗M神经网络模型的入侵检测研究; Research on intrusion detection based on incremental GHSOM | |
| 杨雅辉 ; 黄海珍 ; 沈晴霓 ; 吴中海 ; 张英 | |
| 刊名 | 计算机学报
 |
| 2014 | |
| 关键词 | 增量式学习 生长型分层自组织映射 入侵检测 神经网络 信息安全 网络安全 incremental learning growing hierarchical SOM intrusion detection neural network information security network security |
| DOI | 10.3724/SP.J.1016.2014.01216 |
| 英文摘要 | 传统的网络入侵检测方法利用已知类型的攻击样本以离线的方式训练入侵检测模型,虽然对已知攻击类型具有较高的检测率,但是不能识别网络上新出现的攻击类型。这样的入侵检测系统存在着建立系统的速度慢、模型更新代价高等不足,面对规模日益扩大的网络和层出不穷的攻击,缺乏自适应性和扩展性,难以检测出网络上新出现的攻击类型。文中对GHSOM(Growing Hierarchical Self-Organizing Maps)神经网络模型进行了扩展,提出了一种基于增量式GHSOM神经网络模型的网络入侵检测方法,在不破坏已学习过的知识的同时,对在线检测过程中新出现的攻击类型进行增量式学习,实现对入侵检测模型的动态扩展。作者开发了一个基于增量式GHSOM神经网络模型的在线网络入侵检测原型系统,在局域网环境下开展了在线入侵检测实验。实验结果表明增量式GHSOM入侵检测方法具有动态自适应性,能够实现在线检测过程中对GHSOM模型的动态更新,而且对于网络上新出现的攻击类型,增量式GHSOM算法与传统GHSOM算法的检测率相当。; Traditional network intrusion detection models are usually trained in off-line way by using available types of intrusion samples. Although those well-known types of intrusions can be detected with higher detection rate, it is very difficult to detect those upcoming unknown types of network intrusions through the existing traditional network intrusion detection models. These intrusion detection systems have some defects: the systems are usually established in lower speed and the models are updated in higher cost. Besides, facing the increasing network scale and growing types of attacks, the existing intrusion detection systems are lack of adaptability and scalability. This paper expands the GHSOM(Growing Hierarchical Self-organizing Maps) neural network model and presents a network intrusion detection method based on dynamic incremental GHSOM neural network model. The improved GHSOM model can be updated in a dynamic and incremental way by using those online-collected new types of intrusion data during online intrusion detection. This incremental model can be online implemented to detect the new-emerging types of network intrusions without destroying the existing knowledge in the GHSOM model. We developed an intrusion detection prototype system based on the incremental GHSOM algorithm, and the online intrusion detection experiments are carried out under the experimental LAN environment. The experiment results show that the intrusion detection method based on the incremental GHSOM algorithm presented in this paper is dynamic and self-adaptive. The dynamic update of the GHSOM model has been verified through the experiment. Besides, the detection rate of our incremental GHSOM algorithm is similar with that of the traditional GHSOM algorithm through the comparative experiment for those new-emerging types of network intrusions.; 国家自然科学基金; EI; 中文核心期刊要目总览(PKU); 中国科技核心期刊(ISTIC); 中国科学引文数据库(CSCD); 0; 5; 1216-1224; 37 |
| 语种 | 中文 |
| 内容类型 | 期刊论文 |
| 源URL | [http://ir.pku.edu.cn/handle/20.500.11897/263469]  |
| 专题 | 软件与微电子学院 |
| 推荐引用方式 GB/T 7714 | 杨雅辉,黄海珍,沈晴霓,等. 基于增量式犌犎犛犗M神经网络模型的入侵检测研究, Research on intrusion detection based on incremental GHSOM[J]. 计算机学报,2014. |
| APA | 杨雅辉,黄海珍,沈晴霓,吴中海,&张英.(2014).基于增量式犌犎犛犗M神经网络模型的入侵检测研究.计算机学报. |
| MLA | 杨雅辉,et al."基于增量式犌犎犛犗M神经网络模型的入侵检测研究".计算机学报 (2014). |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论