Similar literature
20 similar documents found (search time 125 ms)
1.
Immune-based intrusion detection approaches are studied. The methods of constructing the self set and generating mature detectors are researched and improved. A binary-encoding-based self set construction method is applied. First, the traditional mature detector generating algorithm is improved to generate mature detectors and detect intrusions faster. Then, a novel mature detector generating algorithm is proposed based on the negative selection mechanism. According to the algorithm, fewer mature detectors are needed to detect the abnormal activities in the network. Therefore, the speed of generating mature detectors and of intrusion detection is improved. Compared with those based on existing algorithms, the intrusion detection system based on the algorithm has higher speed and accuracy.

2.
Intrusion detection is regarded as classification in the data mining field. However, instead of directly mining the classification rules, class association rules, which are then used to construct a classifier, are mined from audit logs. Some attributes in audit logs are important for detecting intrusions, but their values are skewedly distributed. A relative support concept is proposed to deal with such a situation. To mine class association rules effectively, an algorithm based on FP-tree is exploited. Experimental results prove that this method has better performance.

3.
In order to increase the intrusion detection rate and decrease the false positive detection rate, a novel intrusion detection algorithm based on rough set and artificial immune (RSAI-IDA) is proposed. Using artificial immune in intrusion detection, anomaly actions are detected adaptively, and with rough set, effective antibodies can be obtained. A scheme, in which antibodies are partly generated randomly and others are from the artificial immune algorithm, is applied to ensure the antibodies' diversity. Finally, simulations of RSAI-IDA and comparisons with other algorithms are given. The experimental results illustrate that the novel algorithm achieves more effective performance on anomaly intrusion detection, where the algorithm's time complexity decreases, the true positive detection rate increases, and the false positive detection rate is decreased.

4.
A new intrusion detection method based on learning vector quantization (LVQ) with low overhead and high efficiency is presented. The computer vision system employs LVQ neural networks as the classifier to recognize intrusion. The recognition process includes three stages: (1) feature selection and data normalization processing; (2) learning the training data selected from the feature data set; (3) identifying the intrusion and generating the result report of machine condition classification. Experimental results show that the proposed method is promising in terms of detection accuracy, computational expense and implementation for intrusion detection.

5.
Association rule mining is an important issue in data mining. This paper proposes a binary-system-based method to generate candidate frequent itemsets and the corresponding support counts efficiently, which needs only operations such as "and", "or" and "xor". Applying this idea to the existing distributed association rule mining algorithm FDM, the improved algorithm BFDM is proposed. Theoretical analysis and experiments testify that BFDM is effective and efficient.

6.
Based on Bayes' theorem, we point out that the false positive rate must be lower than the intrusion base rate in order to make the Alarm Credibility Probability of the intrusion detection system exceed 50%. We present the methods that have been used in our developing intrusion detection system AIIDS (artificial immune intrusion detection system) to increase the credibility of the anomaly detection system. These methods include increasing the regularities of the system call trace by use of a Hidden Markov Model (HMM), making every antibody or detector have a finite lifetime, and offering the detector a co-stimulation signal to indicate whether there is damage in the system according to the integrity, confidentiality, or availability of the system resource.

7.
The paper presents an improved support vector machine (SVM) by combining principal component analysis (PCA) and particle swarm optimization (PSO). Then, the improved SVM is applied to the intrusion detection system (IDS) to improve the detection rate. First, PCA is used to reduce the dimension of feature vectors. Second, we use the PSO algorithm to optimize the punishment factor C and kernel parameters in SVM. The experimental results indicate that the intrusion detection rate (97.7528%) of the improved SVM combining PCA and PSO is higher than those of PSO-SVM (95.6355%) and of standard SVM (90.4762%) on the KDD Cup 1999 data set.

8.
Many industrial process systems are becoming more and more complex and are characterized by distributed features. To ensure that such a system operates in working order, distributed parameter values are often inspected from subsystems or different points in order to judge the working conditions of the system and make global decisions. In this paper, a parallel decision model based on Support Vector Machine (PDMSVM) is introduced and applied to distributed fault diagnosis in industrial processes. PDMSVM is convenient for information fusion in a distributed system and it performs well in fault diagnosis with distributed features. PDMSVM makes decisions based on the synthetic information of subsystems and takes advantage of the Support Vector Machine. Therefore, decisions made by PDMSVM are highly reliable and accurate.

9.
The detection system integrates control technology, network technology, video encoding and decoding, video transmission, multi-single-chip microcomputer communication, database technology, computer software and robot technology. The robot can adaptively adjust its status according to the diameter (from 400 mm to 650 mm) of the pipeline. The maximum detection distance is up to 1 000 m. The method of video coding in the system is based on fractal transformation. The experiments show that the coding scheme is fast and has good PSNR. The precision of on-line detection is up to 3% of the pipeline wall thickness. The robot can also locate itself with a high precision of up to 0.03 m. The control method is network-based and characterized by on-line and real-time operation. The experiment in a real gas pipeline shows that the performance of the detection system is good.

10.
11.
Research on an intrusion detection system framework based on mobile agents   Cited by: 2 (self-citations: 0, citations by others: 2)
A new architecture is proposed: an IDS based on mobile agent technology. The advantages and disadvantages of this architecture are analyzed in detail, providing guidance for research on intrusion detection systems based on mobile agent technology. MA IDS uses mobile agents that cooperate to process the information of each monitored host and then extract information about global intruder behavior. The paper mainly describes the system's structural model and the functions of each of its components, and finally discusses the system's characteristics and the areas that remain to be improved.

12.
A meta-learning-based framework for cooperative network intrusion detection is proposed. Data mining / distributed data mining techniques are used to extract the patterns of newly detected attack behaviors, which are added to the attack signature database in real time; meta-learning is used for cooperative detection, and an improved search algorithm for the optimal detection model is given, which can automatically adjust the parameters of the classification algorithm and the system thresholds.

13.
Data mining analysis methods in intrusion detection   Cited by: 2 (self-citations: 0, citations by others: 2)
With the development of networks, intrusion detection has attracted increasing attention. Data mining techniques aim to distill abstract knowledge from large volumes of data, reveal the objective regularities hidden behind the data, and achieve automatic knowledge acquisition. Combining data mining with intrusion detection can improve the intelligence, accuracy and detection efficiency of intrusion detection systems. This paper discusses the application of data mining analysis methods in intrusion detection and presents a data-mining-based intrusion detection system model.

14.
To effectively reduce the number of alerts and extract the useful information they contain, an intrusion alert pattern mining and analysis algorithm based on the CLOSET algorithm is proposed. In a distributed intrusion detection system, it helps the response component mine and analyze the alert messages from the intrusion detection components, discovering the frequent closed patterns in the alerts and responding on that basis. To discover potential intrusion behavior, the IDMEF format is extended and the concept of a suspicion degree is introduced. So that alerts which occur infrequently but have a high suspicion degree are not overlooked, the algorithm is improved by adding a minimum suspicion degree parameter. Experimental results show that both algorithms can effectively reduce the number of alerts, and the improved algorithm extracts the useful information in the alerts better.

15.
Ling Hao, Xie Dongqing. 《科学技术与工程》 (Science Technology and Engineering), 2007, 7(19): 5170-5172, 5176
This paper discusses the basic concepts of intrusion detection systems and, combining anomaly detection and misuse detection, proposes a data-mining-based network intrusion detection system model. The basic idea of the model is introduced: preprocessed network packets are sent to a data mining process control module, which produces rules that precisely describe intrusion behavior and normal system behavior patterns and automatically generates precise, applicable detection models.

16.
The related technologies of intrusion detection systems are first introduced, followed by a focus on applying data mining techniques to intrusion detection systems. Combining data mining and intrusion detection techniques, an intrusion detection system model based on data mining is proposed. The cooperative use of association rules and classification analysis from data mining within the intrusion detection system is described; through association rule and classification analysis, intrusion rules are obtained.

17.
Intrusion detection system based on data mining   Cited by: 3 (self-citations: 0, citations by others: 3)
Intrusion detection technology has become a hot topic in the field of network security. The authors describe how data mining methods can be better applied in intrusion detection systems and give a concrete description of the construction of a data-mining-based intrusion detection system.

18.
Combining the network management system with the intrusion detection system, a distributed intrusion detection system framework based on management agents is established. The autonomy and cooperation of management agents and the message communication mechanism between them are studied, the functional structure of management agents is built, and a genetic-algorithm-based scheduling agent algorithm is designed. The management objects in the management information base that are related to intrusion detection are analyzed at each layer of the network, and a detection rule base is built. A distributed, multi-level, structured intrusion detection system with self-protection is developed, so that management agents can monitor the network and hosts. The results show that, based on the essential characteristics of attacks, the method of deriving detection rules from the statistical data in the management information base can effectively detect covert and complex attacks.

19.
A systematic, general-purpose intrusion detection method is studied. Its core idea is to use data mining techniques to build models of normal system and user behavior: network packets are captured with Tcpdump and analyzed with two data mining methods. In addition, to meet the dual challenges of effective learning (mining) and real-time detection, an agent-based architecture for building a network intrusion detection system is proposed.

20.
An intrusion detection system model based on data mining techniques is proposed. The model is a core model with good extensibility and adaptability; it improves the accuracy of detection results by using a meta-detection engine to integrate the data from the individual basic detection engines. A data-mining-based intrusion detection prototype system is also built to analyze the practical effects of several typical data mining techniques, and the problems of data preprocessing and feature extraction are discussed.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号