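1. Zhejiang University of Science and Technology, Hangzhou 310023
2. Zhejiang University of Water Resources and Electric Power, Hangzhou 310018
Yaguan Qian, male, Ph.D., associate professor at Zhejiang University of Science and Technology. His main research interests are Internet traffic classification, next-generation Internet, machine learning and data mining.
Xiaohui Guan, female, associate professor at Zhejiang University of Water Resources and Electric Power. Her main research interests are machine learning and data mining.
Online publication date: 2015-03
Print publication date: 2015-03-20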
Yaguan Qian, Xiaohui Guan. Adversarial Drift Detection in Intrusion Detection System[J]. Telecommunications Science, 2015, 31(3): 67-73. DOI: 10.11959/j.issn.1000-0801.2015058.
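Most current machine-learning-based intrusion detection systems are built on the assumption that intrusion data always remains statistically stationary, so they cannot cope with the drop in detection rate caused by attackers deliberately changing the characteristics of the data or by the emergence of new attack methods. To address this problem, termed attack drift, a detection method based on the weighted Rényi distance is proposed. Experiments on the KDD Cup99 dataset show that the Rényi distance can effectively improve detection, and that after drift is detected, retraining the model significantly improves the recognition rate for attacks.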
Recent intrusion detection systems based on machine learning generally assume that intrusion traffic is always statistically stationary. However, this assumption does not always hold when adversaries arbitrarily alter the distribution of traffic data or develop new attack techniques, which may reduce the detection rate. To overcome this adversarial drift, a novel drift detection approach based on weighted Rényi distance is proposed. Experiments on KDD Cup99 show that the weighted Rényi distance is able to perfectly detect the adversarial drift, and that the intrusion detection rate improves after retraining the model.
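The drift check described in the abstract can be sketched as follows. This is an added example, not the authors' code: it compares per-feature distributions of a reference window and a current window with the Rényi divergence and raises a retraining flag. The paper's exact weighting is not given on this page, so the weighted mean, the weights, the order alpha = 0.5, the Laplace smoothing, the threshold and the sample windows are all assumptions.

```python
import math
from collections import Counter

def distribution(values, categories):
    """Laplace-smoothed relative frequency of each category in a window."""
    counts = Counter(values)
    total = len(values) + len(categories)
    return [(counts[c] + 1) / total for c in categories]

def renyi_divergence(p, q, alpha=0.5):
    """Renyi divergence D_alpha(P||Q) for discrete P, Q; alpha > 0, alpha != 1."""
    if alpha <= 0 or alpha == 1:
        raise ValueError("alpha must be positive and different from 1")
    s = sum(pi ** alpha * qi ** (1 - alpha) for pi, qi in zip(p, q))
    return math.log(s) / (alpha - 1)

def weighted_renyi(reference, current, categories, weights, alpha=0.5):
    """Weighted mean of per-feature divergences (this weighting is an assumption)."""
    score = 0.0
    for feature, w in weights.items():
        p = distribution(current[feature], categories[feature])
        q = distribution(reference[feature], categories[feature])
        score += w * renyi_divergence(p, q, alpha)
    return score / sum(weights.values())

def drift_detected(reference, current, categories, weights, threshold=0.05):
    """True when the current window has drifted enough to warrant retraining."""
    return weighted_renyi(reference, current, categories, weights) > threshold

# Constructed sample windows over two categorical KDD Cup99 feature names.
CATEGORIES = {"protocol_type": ["tcp", "udp", "icmp"], "flag": ["SF", "S0", "REJ"]}
WEIGHTS = {"protocol_type": 1.0, "flag": 2.0}  # hypothetical weights
REFERENCE = {
    "protocol_type": ["tcp"] * 80 + ["udp"] * 15 + ["icmp"] * 5,
    "flag": ["SF"] * 90 + ["S0"] * 5 + ["REJ"] * 5,
}
DRIFTED = {
    "protocol_type": ["tcp"] * 30 + ["udp"] * 10 + ["icmp"] * 60,
    "flag": ["SF"] * 40 + ["S0"] * 55 + ["REJ"] * 5,
}

if __name__ == "__main__":
    print(weighted_renyi(REFERENCE, REFERENCE, CATEGORIES, WEIGHTS))
    print(weighted_renyi(REFERENCE, DRIFTED, CATEGORIES, WEIGHTS))
    print(drift_detected(REFERENCE, DRIFTED, CATEGORIES, WEIGHTS))
```

In practice the threshold would be calibrated on windows known to be drift-free, and a positive result would trigger relabelling and retraining on recent traffic.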