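Journal of Naval Aeronautical Engineering Institute, 2011, Vol. 26, Issue 5: 543-548, 6.
Implementation of a Real-Time Intrusion Detection System Framework Based on Conditional Random Fields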
Real-Time Intrusion Detection System Framework Based on Conditional Random Fields
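Gu Jiaojiao (顾佼佼) 1, Jiang Wenzhi (姜文志) 1, Su Fei (粟飞) 2, Hu Wenxuan (胡文萱) 3
Author information
- 1. Department of Ordnance Science and Technology, Naval Aeronautical Engineering Institute, Yantai, Shandong 264001
- 2. Department of Command, Naval Aeronautical Engineering Institute, Yantai, Shandong 264001
- 3. Department of Foreign Training, Naval Aeronautical Engineering Institute, Yantai, Shandong 264001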
Abstract
Intrusion detection systems are now an essential component of all kinds of networks, including wireless ad hoc networks. With the rapid advancement of network technologies, the focus of intrusion detection has shifted from simple signature-matching approaches to detecting attacks by analyzing contextual information, as employed in anomaly-based and hybrid intrusion detection approaches. In order to correctly and effectively recognize hidden intrusions in large volumes of low-level system logs, a layered anomaly-based intrusion detection framework using conditional random fields was proposed to detect a wide variety of attacks. For four classes of attack, the framework trains four different models separately, and then processes the data layer by layer to detect intrusion. With this framework, attacks could be identified and intrusion response could be initiated in real time; system adaptability and portability were improved, and the system false alarm rate and false detection rate were significantly reduced. Experiments show that the CRF model could detect attacks effectively.
Keywords
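intrusion detection/conditional random fields (CRFs)/machine learning/overlay model
Classification
Information technology and security science
Cite this article
Gu Jiaojiao, Jiang Wenzhi, Su Fei, Hu Wenxuan. Implementation of a Real-Time Intrusion Detection System Framework Based on Conditional Random Fields [J]. Journal of Naval Aeronautical Engineering Institute, 2011, 26(5): 543-548, 6.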