基于分布式学习的大规模网络入侵检测算法
DOI:
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

Supported by the National Natural Science Foundation of China under Grant No.60573128 (国家自然科学基金); the National Research Foundation for the Doctoral Program of Higher Education of China under Grant No.20060183043 (国家教育部高校博士点基金)


Large-Scale Network Intrusion Detection Algorithm Based on Distributed Learning
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    计算机网络的高速发展,使处理器的速度明显低于骨干网的传输速度,这使得传统的入侵检测方法无法应用于大规模网络的检测.目前,解决这一问题的有效办法是将海量数据分割成小块数据,由分布的处理节点并行处理.这种分布式并行处理的难点是分割机制,为了不破坏数据的完整性,只有采用复杂的分割算法,这同时也使分割模块成为检测系统新的瓶颈.为了克服这个问题,提出了分布式神经网络学习算法,并将其用于大规模网络入侵检测.该算法的优点是,大数据集可被随机分割后分发给独立的神经网络进行并行学习,在降低分割算法复杂度的同时,保证学习结果的完整性.对该算法的测试实验首先采用基准测试数据circle-in-the-square测试了其学习能力,并与ARTMAP(adaptive resonance theory supervised predictive mapping)和BP(back propagation)神经网络进行了比较;然后采用标准的入侵检测测试数据集KDD'99 Data Set测试了其对大规模入侵的检测性能.通过与其他方法在相同数据集上的测试结果的比较表明,分布式学习算法同样具有较高的检测效率和较低的误报率.

    Abstract:

    As Internet bandwidth is increasing at an exponential rate, it's impossible to keep up with the speed of networks by just increasing the speed of processors. In addition, those complex intrusion detection methods also further add to the pressure on network intrusion detection system (NIDS) platforms, and then the continuous increasing speed and throughput of network pose new challenges to NIDS. In order to make NIDS effective in Gigabit Ethernet, the ideal policy is to use a load balancer to split the traffic and forward them to different detection sensors, and these sensors can analyze the splitting data in parallel. If the load balancer is required to make each slice containing all the necessary evidence to detect a specific attack, it has to be designed complicatedly and becomes a new bottleneck of NIDS. To simplify the load balancer, this paper puts forward a distributed neural network learning algorithm. By using the learning algorithm, a large data set can be split randomly and each slice data is handled by an independent neural network in parallel. The first experiment tests the algorithm's learning ability on the benchmark of circle-in-the-square and compares it with ARTMAP (adaptive resonance theory supervised predictive mapping) and BP (back propagation) neural network; the second experiment is performed on the KDD'99 Data Set which is a standard intrusion detection benchmark. Comparisons with other approaches on the same benchmark show that it can perform detection at a high detection speed and low false alarm rate.

    参考文献
    相似文献
    引证文献
引用本文

刘衍珩,田大新,余雪岗,王 健.基于分布式学习的大规模网络入侵检测算法.软件学报,2008,19(4):993-1003

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2007-03-29
  • 最后修改日期:2007-06-14
  • 录用日期:
  • 在线发布日期:
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号