基于自适应免疫分类器的入侵检测

由于采用传统的分类器进行检测时,存在检测率低而误报率高的问题.提出了一种基于免疫聚类的自适应分类器方法,采用多信息粒度的思想有效地克服了聚类算法与分类算法间的不一致性.通过在真实网络数据集上对多种入侵行为的检测结果表明:该分类器的检测率高、漏报率和误报率低,较RBF分类器和BP分类器具有更好的分类性能和推广性能.     

Methods for Increasing Creditability of Anomaly Detection System

Based on Bayes‘ theorem we point out that the false positive rate must be lower than the intrusion base rate in order to make the Alarm Credibility Probability of the intrusion detection system exceed 50%. We present the methods that have been used in our developing intrusion detection system AIIDS (artificial immune intrusion detection systems) to increase the creditability of anomaly detection system. These methods include increasing the regularities of the system call trace by use of Hidden Markov Model (HMM), making every antibody or detector has finite lifetime, offering the detector a co-stimulate signal to illustrate whether there is damage in the system according to the integrity, confidentiality, or availability of the system resource.     

Intrusion detection based on rough set and artificial immune

In order to increase intrusion detection rate and decrease false positive detection rate , a novel intrusion detection algorithm based on rough set and artificial immune ( RSAI-IDA) is proposed. Using artificial immune in intrusion detection , anomaly actions are detected adaptively , and with rough set , effective antibodies can be obtained .A scheme , in which antibodies are partly generated randomly and others are from the artificial immune algorithm , is applied to ensure the antibodies di-versity.Finally, simulations of RSAI-IDA and comparisons with other algorithms are given .The ex-perimental results illustrate that the novel algorithm achieves more effective performances on anomaly intrusion detection , where the algorithm ’ s time complexity decreases , the true positive detection rate increases , and the false positive detection rate is decreased .     

神经网络在入侵检测中的应用

当前的入侵检测技术主要有基于规则的误用检测和基于统计的异常检测。提出一个基于神经网络的入侵检测系统模型，利用神经网络的自学习、自适应的特性，快速识别和对噪声数据的处理能力，使入侵检测系统能够较好地识别新的攻击。     

一种基于多分类器协同训练的网络异常检测方法

基于机器学习的网络异常检测方法是入侵检测领域的重要研究内容.传统的机器学习方法需要大量的已标记样本对分类器进行训练,然而已标记样本通常较难获取,导致分类器训练困难;此外单分类器训练面临难以消除的分类偏向性和检测孔洞.针对上述问题,本文提出了一种基于多分类器协同训练的异常检测方法MCAD,该方法利用少量的已标记样本和大量的未标记样本对多个分类器进行协同训练,以减少分类的偏向性和检测孔洞.对比实验采用经典的网络异常检测数据集KDD CUP99对MCAD的异常检测性能进行验证。实验结果表明,MCAD有效地降低了检测器训练代价,提高了网络异常检测性能.     

A Neural Network Approach for Misuse and Anomaly Intrusion Detection

An MLP(Multi-Layer Perceptron)/ Elman neural network is proposed in this paper, which realizes classification with memory of past events using the real-time classification of MI.P and the memorial functionality of Elman. The system‘s sensitivity for the memory of past events can be easily reconfigured without retraining the whole network. This approach can be used for both misuse and anomaly detection system. The intrusion detection systems(IDSs) using the hybrid MLP/Elman neural network are evaluated by the intrusion detection evaluation data sponsored by U. S. Defense Advanced Research Projects Agency (DARPA). The results of experiment are presented in Receiver Operating Characteristic (ROC) curves. The capabilites of these IDSs to identify Deny of Service(DOS) and probing attacks are enhanced.     

一种改进的模糊人工免疫网络数据分类方法

针对现有人工免疫网络算法对先验知识应用不足的问题，提出一种基于模糊人工免疫网络的有监督学习数据分类方法．首先采用模糊C均值聚类算法为免疫网络提供疫苗（初始种群），将此疫苗作为免疫网络的初始抗体群，种群再经过克隆选择、网络压缩、免疫成熟、记忆等算子的不断扩展和压缩，形成一个由浓缩后的训练数据构成的抗体网络，最终基于该抗体网络采用“邻近原则”构造分类器．由于各算子的协调作用，该方法能够在高浓缩率的情况下更好地代替样本空间．UCI（University of California，Irvine）数据集的仿真实验证明，与aiNet方法相比，该方法在分类准确率和数据浓缩率上分别高出7．26％和11．16％，而且更稳定、可靠．     

一种基于虚拟力导向和细胞分化的免疫网络分类算法

针对传统免疫网络分类算法中抗体细胞进化缺乏有效指导的问题,提出了一种基于虚拟力导向和细胞分化的免疫网络分类算法(VCAINC).算法引入虚拟力场区的概念,基于虚拟力场区定义抗体所受的虚拟作用力以指导抗体的进化过程,并根据移动收敛条件判定抗体的合理位置;对于无法达到收敛条件的抗体,采用细胞分化策略提高免疫网络的分类性能;分析了算法在UCI标准数据集的分类效果.实验结果表明,VCAINC对于多个标准数据集均具有良好的分类性能,能够有效指导抗体细胞的进化.     

基于抗体的蚁群优化算法研究

针对蚁群优化（ant colony optimization,ACO）容易陷入局部最优,提出一个基于抗体的新型蚁群优化算法(ant colony optimization based on immune algorithm,ACOI)。ACOI是利用免疫算法中抗体的概念来改善人工蚂蚁搜寻解空间的方式,使人工蚂蚁不仅会依随费洛蒙的指引,还会受到抗体的影响去搜寻解空间;而抗体也会随着环境的改变,使抗体成为有效的及无效的2种情形,有效的抗体对人工蚂蚁会有影响,无效的抗体则没有影响。用旅行销售员问题（traveling salesmen problem,TSP）验证ACOI的效能,并与ACO做比较,证明了在蚁群系统中加入抗体要比单纯的蚁群系统效率更高。     

基于QPSO小波神经网络的网络异常检测

为了提高网络异常检测中,对异常状态的检测率,降低对正常状态的误判率,提出一种基于量子粒子群优化算法训练小波神经网络进行网络异常检测的新方法.利用量子粒子群优化算法(QPSO)训练小波神经网络,将小波神经网络(WNN)中的参数组合作为优化算法中的一个粒子,在全局空间中搜索具有最优适应值的参数向量.实验数据采用KDD CUP99数据集,实验结果表明:该学习算法与传统的梯度下降法(GD)和粒子群算法(PSO)相比,收敛速度快,具有更好的全局收敛性,提高了异常检测的准确性,同时该方法对于新的异常也有较高检测率.     

基于联邦学习的网络异常检测

作为一类网络安全的基础研究,网络异常检测技术目前还存在检测准确率低、误报率高以及缺乏标签数据等问题。为此提出一种融合联邦学习和卷积神经网络的网络入侵检测分类模型（CNN-FL）,可有效解决多个参与者在不共享隐私数据的情况下进行一个全局模型的协作训练时所带来的问题。该模型无需汇集模型训练所需要的数据进行集中计算,只是传递加密的梯度相关数据,即可利用多源数据协同训练同一模型,并解决缺乏标签数据的问题。随后将该模型应用于二分类和多分类方法中,并在同一基准数据集NSL-KDD上进行了实验比较与分析,实验结果表明,与其他研究方法相比,所提CNN-FL分类模型在二分类以及多分类中具有较高的识别性能和分类精度。     

基于深度学习的监控视频树叶遮挡检测

结合稀疏自编码器的自动提取数据特征能力和深度置信网络较好的分类性能,提出一种基于深度学习的监控视频树叶遮挡检测方法。首先从视频中随机选取一帧图像,通过栈式稀疏自编码器主动学习视频图像的特征信息,然后采用深度置信网络建立分类检测模型,最后引入学习速率自适应调整策略对整个神经网络进行微调。该方法不需要对视频连续取帧,具有较好的图像特征主动学习能力,克服了人工提取特征能力有限的缺陷。实验结果表明,在样本量充足的条件下,使用本文方法进行监控视频树叶遮挡检测可以达到88.97%的准确率。     

Analysis of negative correlation learning

This paper describes negative correlation learning for designing neural network ensembles. Negative correlation learning has been firstly analysed in terms of minimising mutual information on a regression task. By minimising the mutual information between variables extracted by two neural networks, they are forced to convey different information a-bout some features of their input. Based on the decision boundaries and correct response sets, negative correlation learning has been further studied on two pattern classification problems. The purpose of examining the decision boundaries and the correct response sets is not only to illustrate the learning behavior of negative correlation learning, but also to cast light on how to design more effective neural network ensembles. The experimental results showed the decision boundary of the trained neural network ensemble by correlation learning is almost as good as the optimum decision boundary. Foundation item: Supported by the National Natural Science Foundation of China (60133010) Biography: Liu Yong ( 1966-), male, Ph. D, Associate professor, research direction: evolutionary algorithms, neural networks, and evolvable hardware.     

一种基于独特型网络的入侵检测方法

为解决神经网络检测方法中检测器需要定期更新、未知攻击检测性能低等问题,利用人工独特型网络的记忆、学习和动态调整能力实现入侵检测.提出一种可用作检测器的多变异模式人工独特型网络,并根据免疫响应原理设计检测算法,使检测器能实时学习新行为特征.仿真结果表明,多变异模式独特型网络检测方法与多层感知器检测方法相比,平均误报率下降了17.43%,未知攻击的平均检测准确率提高了24.17%.     

人工免疫算法在洪水分类中的应用

 在总结洪水分类研究的基础上,提出了一种新的洪水分类方法,以人工免疫网络对洪水样本进行免疫学习和记忆,提取表征洪水强度的有用特征得到抗体库和相似度矩阵,利用最小生成树方法,依据抗原与记忆集的亲和度确定洪水的分类。以宜昌站12场典型洪水过程和广东石狗站17场典型洪水过程为例进行了洪水聚类分析,结果表明：所提算法有效提取了同类型洪水的模糊特征和规律,去除了不必要的信息冗余,较好地将同类洪水聚集在了一起;与进化粒子群优化算法相比,该法有更快的收敛速度。     

Learning Vector Quantization Neural Network Method for Network Intrusion Detection

A new intrusion detection method based on learning vector quantization （LVQ） with low overhead and high efficiency is presented. The computer vision system employs LVQ neural networks as classifier to recognize intrusion. The recognition process includes three stages： （1） feature selection and data normalization processing;（2） learning the training data selected from the feature data set; （3） identifying the intrusion and generating the result report of machine condition classification. Experimental results show that the proposed method is promising in terms of detection accuracy, computational expense and implementation for intrusion detection.     

A Deep Web Query Interfaces Classification Method Based on RBF Neural Network

This paper proposes a new approach for classification for query interfaces of Deep Web, which extracts features from the form＇s text data on the query interfaces, assisted with the synonym library, and uses radial basic function neural network （RBFNN） algorithm to classify the query interfaces. The applied RBFNN is a kind of effective feed-forward artificial neural network, which has a simple networking structure but features with strength of excellent nonlinear approximation, fast convergence and global convergence. A TEL_8 query interfaces＇ data set from UIUC on-line database is used in our experiments, which consists of 477 query interfaces in 8 typical domains. Experimental results proved that the proposed approach can efficiently classify the query interfaces with an accuracy of 95.67%.     

特定应用环境下的入侵检测架构

异常检测可以认为是通过对用户正常行为及系统正常应用环境的学习来识别异常的过程．由于系统及应用环境的复杂性,异常检测还难以达到很高的识别精度．为此,针对在物理上与Internet网完全隔离的计算机网络应用环境,亦即内网,提出基于mobile agent(MA)的多层次入侵检测架构,利用自组织映射网络方法,在不同层次的agent中建立二堆网格的自组织映射网络模型,分别检测目标系统不同层次上的异常现象．实验结果表明,在入侵者攻击的持续时间内,本系统通过多次采样的办法可以使检测率提高到满意的程度．