|
|||||
|
|
| 两种基于统计的入侵检测技术 | |
| 引用本文: | 潘峰,丁云飞,汪为农.两种基于统计的入侵检测技术[J].上海交通大学学报,2004,38(Z1):204-207. |
| 作者姓名: | 潘峰 丁云飞 汪为农 |
| 作者单位: | 1. 上海交通大学,计算机科学与工程系,上海,200030 2. 上海理工大学,电气工程系,上海,200093 3. 上海交通大学,网络信息中心,上海,200030 |
| 基金项目: | 国家自然科学基金资助项目(60073034) |
| 摘 要: | 异常检测是防范新型攻击的基本手段.使用两种基于统计的异常检测技术检测网络入侵,一种是基于最大熵原理先从理论上得到正常用户行为的概率分布,然后再设定检测阈值;另一种是基于K-近邻算法,该算法不需要预先知道分布,也能很好地完成异常检测的任务.最后使用DARPA 99的部分入侵测试数据对两种方法进行了测试,并对它们的优缺点进行了比较. |
| 关 键 词: | 计算机网络 异常检测 最大熵 K-最近邻 |
| 文章编号: | 1006-2467(2004)S1-0204-04 |
| 修稿时间: | 2003年9月30日 |
Anomaly Detection Techniques Based on Statistics |
|
| PAN Feng,DING Yun-fei,WANG Wei-nong.Anomaly Detection Techniques Based on Statistics[J].Journal of Shanghai Jiaotong University,2004,38(Z1):204-207. | |
| Authors: | PAN Feng DING Yun-fei WANG Wei-nong |
| Institution: | PAN Feng~1,DING Yun-fei~2,WANG Wei-nong~3 |
| Abstract: | Anomaly detection techniques can detect novel attacks. This paper proposed two approaches based on statistical techniques. One of them is based on a maximum entropy method, which first educes the distribution of user's normal behavior, then decides the discrimination limit. The other is based on K-nearest neighbor (KNN) classifier. It is probabilistic but distribution-free. The preliminary experiments with 1999 DARPA tcpdump data show that both method can effectively detect intrusive attacks. In the end, a comprehensive comparison of these two methods was given. |
| Keywords: | computer networks anomaly detection maximum entropy K-nearest neighbor |
| 本文献已被 CNKI 万方数据 等数据库收录! | |