特定应用环境下的入侵检测架构

异常检测可以认为是通过对用户正常行为及系统正常应用环境的学习来识别异常的过程．由于系统及应用环境的复杂性,异常检测还难以达到很高的识别精度．为此,针对在物理上与Internet网完全隔离的计算机网络应用环境,亦即内网,提出基于mobile agent(MA)的多层次入侵检测架构,利用自组织映射网络方法,在不同层次的agent中建立二堆网格的自组织映射网络模型,分别检测目标系统不同层次上的异常现象．实验结果表明,在入侵者攻击的持续时间内,本系统通过多次采样的办法可以使检测率提高到满意的程度．

Intrusion Detection Architecture Under Specific Application Environment

Abnormal detection is considered as a process of recognizing the anomaly by learning to characterize the norm behaviors of user and system application environment.Because of complexity of application on net- work,it is difficult to improve the precision of abnormal detection.A multiple-layer architecture based on mo- bile agent(MA) for intrusion detection is presented in the computer network environment isolated with the Inter- net,which is often called isolated network.It utilizes the methodology of self-organizing map(SOM)neural network to build the two-dimension grid model of SOM neural network and detect the anomaly of the object sys- tem on different layers.The experiment shows that this multiple-layer architecture can improve the rate of intru- sion detection by sampling time after time in the duration of the network attacked.