[1] LUO Jun, PAN Zhi-song, HU Gu-yu. Research on a network security audit model based on SVDD[J]. CAAI Transactions on Intelligent Systems, 2007, 2(4): 69-73.
LUO Jun,PAN Zhi-song,HU Gu-yu.A network security audit system based on support vector data description algorithm[J].CAAI Transactions on Intelligent Systems,2007,2(4):69-73.
CAAI Transactions on Intelligent Systems [ISSN 1673-4785/CN 23-1538/TP] Volume:
2
Issue:
2007, No. 4
Pages:
69-73
Column:
Academic Papers: Intelligent Systems
Publication date:
2007-08-25
- Title:
-
A network security audit system based on support vector data description algorithm
- Article ID:
-
1673-4785(2007)04-0069-05
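- Authors:
-
LUO Jun, PAN Zhi-song, HU Gu-yu
-
Institute of Command Automation, PLA University of Science and Technology, Nanjing, Jiangsu 210007, China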
- Author(s):
-
LUO Jun, PAN Zhi-song, HU Gu-yu
-
Institute of Command Automation, PLA University of Science and Technology, Nanjing 210007, China
-
- Keywords:
-
network security audit; intrusion detection; support vector data description; one-class classifier
- Keywords:
-
network security audit; intrusion detection; support vector data description; one-class classifier
- Classification number:
-
TP393.08
- Document code:
-
A
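- Abstract:
-
Auditing is the foundation of intrusion detection and supplies the data that intrusion detection analysis needs. In traditional network security audit and intrusion detection systems, attack signatures must be defined manually in order to discover anomalous activity. However, attack signature data are hard to obtain, and what can be known in advance is often only the audit information produced by normal users during normal use. A security audit model based on support vector data description (SVDD) is proposed and further analyzed; it trains the classifier on normal data so that any activity deviating from the normal pattern is regarded as a potential intrusion. Through optimized processing of the international standard data set MIT LPR, and using only a small number of training samples, the experiments achieved a 100% detection rate on anomalous samples, with an average false alarm rate close to 0.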
- Abstract:
-
Security audit, which is the basis of intrusion detection, provides the necessary data for intrusion detection analysis. In traditional security audit and intrusion detection system, the characteristics of an attack need to be defined by experts for the system to be able to successfully identify anomalous activities. Due to the difficulty in predicting attack data, in most cases administrators only get normal sequences of system calls. In this paper, a security audit system based on SVDD algorithm was designed to resolve the one-class problem in anomalous activity detection. All activities deviating from normal patterns were classified as potential intrusions. In experiments using the international standard data set MIT LPR, the one-class classifier achieved a 100% detection rate and a zero false alarm rate for sequences of system calls based on a small training dataset. The proposed algorithms can be trained for anomalous activity detection simply by using normal samples and the algorithm also enables the security audit system to detect new types of anomalous behavior.
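Memo
Received: 2006-10-13.
Funding:
Natural Science Foundation of Jiangsu Province (BK2005009);
China Postdoctoral Science Foundation (2004036405);
Jiangsu Postdoctoral Foundation (0401064B).
About the authors:
LUO Jun, male, born in 1981, lecturer; main research interests: network security and pattern recognition.
E-mail: zyqs1981@hotmail.com.
PAN Zhi-song, male, born in 1973, associate professor; main research interests: network security and pattern recognition.
E-mail: hotpzs@hotmail.com.
HU Gu-yu, male, born in 1963, professor and doctoral supervisor; main research interests: network security and network management. E-mail: huguyu@vip.163.com.
Last Update: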
2009-05-07