张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

WANG Xiaodong,ZHU Miaoliang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.055

2005-01-01

Abstract:This paper puts forward an intellective network safe guard system based on a multi-agent system structure. The purpose of the system is to defend the intrusion of campus-wide network. It is based on IDXP and the focus is blackboard. This system can deal with multi-levels and many ways of anti-intrusions, which has self-determination. It is proved to have a good performance by spot tests.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

李章维,张建明,王树青

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.08.001

2004-01-01

Abstract:For improving the stability, reliability, and convenient safeguard in network systems, a new method for network fault detection based on the network device running status was proposed. Using the feature of real network and SNMP(simple network management protocol) and TELNET(telecommunication network protocol), the realization of multi-agent network management systems was discussed. The network management system is characterized by rapid network fault detection, determination and treatment, which has intelligence and capacity for self-study, and also shortens the time of network fault (response) and treatment, thus the reliability of the network was improved. With the use of multi-Agent technology, the new way for studying network management has advantages of simple calculation, rapid fault detection, etc.

Guanding Yu

2005-01-01

Abstract:A distributed IP spoof detection system in Intranet is proposed, which can efficiently detect IP spoof behaviors in Intranet. Current techniques of defending IP spoof are analyzed. Aimed at characteristics of Intranet, the design of the system is introduced in detail. The determination method of IP spoof and the design of the monitor, which is a key component of the system, are presented. The implementation of data capture model is also presented. From the experimentation result, it is concluded that the system has the characteristics of high accuracy and real-time performance, but little data traffic. It can be generalized in Intranet of different scales and in other network security systems.

HUANG Jia-Lin,Liu Hai-Tao,Mei Zhen-Kun,Gan Miao-Jin,Sun Qian

2008-01-01

Periodical of Ocean University of China

Abstract:The management of a large campus network is complex and difficult.An effective network management system is basical for secure and steady network.The current network management systems focus on the management of the equipment,they have not related network management to the network user behavior.The System Based on User Network Behavior Monitoring and Controlling amalgamated the technical character of various system manufacturer.Because of making use of the functions and the management messages of the present network equipments and systems,analyzing and ruling the user's network behavior,and eliminating the effect of the bad network behavior,it can maintain a secure and steady network and reduce the network manager's workload.

Lu,Zhengguo Xu,Wenhai Wang,Youxian Sun

DOI: https://doi.org/10.1016/j.ress.2012.12.015

IF: 7.247

2013-01-01

Reliability Engineering & System Safety

Abstract:Over the past few years, fault detection for computer networks has attracted extensive attentions for its importance in network management. Most existing fault detection methods are based on active probing techniques which can detect the occurrence of faults fast and precisely. But these methods suffer from the limitation of traffic overhead, especially in large scale networks. To relieve traffic overhead induced by active probing based methods, a new fault detection method, whose key is to divide the detection process into multiple stages, is proposed in this paper. During each stage, only a small region of the network is detected by using a small set of probes. Meanwhile, it also ensures that the entire network can be covered after multiple detection stages. This method can guarantee that the traffic used by probes during each detection stage is small sufficiently so that the network can operate without severe disturbance from probes. Several simulation results verify the effectiveness of the proposed method.

Yahui Yang,Chunfang Huang,Zhijing Qin

DOI: https://doi.org/10.1109/nswctc.2009.237

2009-01-01

Abstract:Setting up a large number of network connections and using up a lot of bandwidth are usually regarded as a network misuse behavior. It is significance for the network supervision to find and recognize these behaviors timely and correctly. This paper proposes a network misuse detection mechanism based on traffic log, combining the payload independent traffic classification technology. Through this mechanism, we can complete the selection of behavior features, and overcome the problems for both sample insufficiency and adaptability by using collaborative learning method. The experiment result shows that the method can separate 99% of the normal types from the misuse types, and the recognition rate of various misuse types can reach 80% or so, even be above 90% for some misuse types, which meets the application demand.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

Cai Hongmin,Li Qinglong,Huang Jun,Li Huaji

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.02.085

2012-01-01

Abstract:With the development of campus networks,the users' number of campus networks is greatly increased,meanwhile the ARP spoofing attacks in LAN impact the internet surfing quality of campus networks users significantly as well.In the paper,we read ARP table of routers and switches by SNMP to detect the ARP spoofing attacks,and quickly locate the ARP spoofing attacker in conjunction with DCBI networks managing system with perfect effect.

Beipeng Mu,Xinming Chen,Zhen Chen

DOI: https://doi.org/10.1109/cmc.2011.130

2011-01-01

Abstract:Network Security Appliances are deployed at the vantage point of the Internet to detect security events and prevent attacks. However, these appliances are not so effective when it comes to distributed attacks such as DDoS. This paper presents a design and implementation of collaborative network security management system (CNSMS), which organize the NetSecu nodes into a hybrid P2P and hierarchy architecture to share the security knowledge. NetSecu nodes are organized into a hierarchy architecture so they could realize different management or security functions. In each level, nodes formed a P2P networks for higher efficiency. To guarantee identity trustworthy and information exchange secure, PKI infrastructure is deployed in CNSMS. Finally experiments are conducted to test the computing and communication cost.

Ruey-Maw Chen,Kuo-Ta Hsieh

DOI: https://doi.org/10.1002/dac.1289

2011-06-01

International Journal of Communication Systems

Abstract:Dependence on the Internet is increasing dramatically. Therefore, many researchers have given great attention to the issue of how to tighten Internet security. This study proposes a new scheme for the distributed intrusion prevention system (DIPS), in which the concept of ‘union’ is presented for satisfying the increasing requirements of Internet security issues. In this proposed design, the network intrusion detection system (NIDS) applies a misuse detection technique to detect well‐known intrusion behavior on the Internet. Meanwhile, for anomaly detection technique, a tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to reveal previously undiscovered intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service (DDoS) attacks inside the protected allied network is also covered. To increase the detection accuracy, reduction of false positives and false negatives is also accomplished. Experimental results reveal that the suggested network security system scheme is effective and efficient in resolving the intrusion activity problem of real network environments. Copyright © 2011 John Wiley & Sons, Ltd. In this work, a new system scheme of the allied distributed intrusion prevention system was implemented to meet the increasing Internet security issues. A network intrusion detection system (NIDS) applies misuse detection technique to detect well‐known intrusion behaviors on the Internet. Meanwhile, for anomaly detection technique, a designed tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to find out new intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service attacks inside the protected allied network is also designed. To increase the detection accuracy, reducing false positive and false negative are also accomplished.

telecommunications,engineering, electrical & electronic

Lu Yu,Richard R. Brooks

DOI: https://doi.org/10.1007/978-3-319-75683-7_15

2017-09-22

Abstract:With the rapid development of Internet and the sharp increase of network crime, network security has become very important and received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantages of the system weaknesses. We propose a hybrid network security scheme including intrusion detection systems (IDSs) and honeypots scattered throughout the network. This combines the advantages of two security technologies. A honeypot is an activity-based network security system, which could be the logical supplement of the passive detection policies used by IDSs. This integration forces us to balance security performance versus cost by scheduling device activities for the proposed system. By formulating the scheduling problem as a decentralized partially observable Markov decision process (DEC-POMDP), decisions are made in a distributed manner at each device without requiring centralized control. The partially observable Markov decision process (POMDP) is a useful choice for controlling stochastic systems. As a combination of two Markov models, POMDPs combine the strength of hidden Markov Model (HMM) (capturing dynamics that depend on unobserved states) and that of Markov decision process (MDP) (taking the decision aspect into account). Decision making under uncertainty is used in many parts of business and <a class="link-external link-http" href="http://science.We" rel="external noopener nofollow">this http URL</a> use here for security <a class="link-external link-http" href="http://tools.We" rel="external noopener nofollow">this http URL</a> adopt a high-quality approximation solution for finite-space POMDPs with the average cost criterion, and their extension to DEC-POMDPs. We show how this tool could be used to design a network security framework.

Cryptography and Security

T. Liu,Z. Wang,H. Wang,K. Lu

DOI: https://doi.org/10.15837/ijccc.2012.3.1391

IF: 2.635

2014-01-01

International Journal of Computers Communications & Control

Abstract:Intrusion Detection System (IDS) typically generates a huge number of alerts with high false rate, especially in the large scale network, which result in a huge challenge on the efficiency and accuracy of the network attack detection. In this paper, an entropy-based method is proposed to analyze the numerous IDS alerts and detect real network attacks. We use Shannon entropy to examine the distribution of the source IP address, destination IP address, source threat and destination threat and datagram length of IDS alerts; employ Renyi cross entropy to fuse the Shannon entropy vector to detect network attack. In the experiment, we deploy the Snort to monitor part of Xi’an Jiaotong University (XJTU) campus network including 32 C-class network (more than 4000 users), and gather more than 40,000 alerts per hour on average. The entropy-based method is employed to analyze those alerts and detect network attacks. The experiment result shows that our method can detect 96% attacks with very low false alert rate.

Rong Chen,Ji Gao,Cheng Hua

DOI: https://doi.org/10.1109/ICMLC.2004.1378503

2004-01-01

Abstract:This paper presents an intelligent system for misuse detection. This system consists of three components: data capture and decode component according to CIDF model, data analysis engine component, and data console. We utilize the BP (back-propagation) neural network as misuse detection engine. For improving data capture performance, we integrate libpcap and BPF package. Data console is to show the data alert information with real notification to syslog and show on the screen. This system is implemented on the Linux platform.

Jie Ma,Shuanbao Li

DOI: https://doi.org/10.1155/2022/7300977

2022-05-13

Scientific Programming

Abstract:This article proposes a computer network security defense system model based on multisource big data, which makes the security of computer networks more complete because of the shortage of current computer network security defense systems. The current network security situation is analyzed, and the problems faced in the field of network security are pointed out; then, multisource big data is introduced, and the characteristics of the multisource big data model are analyzed. This article proposes an information system network security model, which formally describes the relationship between network behavior among nodes, security threats, network attacks, and defense capability of security devices in an information system. After that, a network security defense system measurement scheme is constructed based on hierarchical analysis, and quantitative indicators of defense effectiveness are defined in two dimensions: risk severity of security threats and defense response actions of security devices, which enables quantitative evaluation of the security defense system, and then identifies omissions and defects of the network security defense system. A defense system measurement and optimization system is designed based on the proposed network security system measurement and optimization scheme. The application analysis of the project is combined with the actual scenarios. Through the evaluation and optimization of the security defense system in the natural methods, it is proved that the network security defense system evaluation and optimization scheme proposed in this article has reasonableness and effectiveness in the actual application.

computer science, software engineering

Qin Qia,Zhiwen Wang

DOI: https://doi.org/10.4304/jnw.7.5.863-868

2012-01-01

Abstract:Intrusion Detection System (IDS) typically generates a huge number of alerts with high false rate , especially in the large scale network, which result in a huge challenge on the efficiency and accuracy of the network attack detection . In this paper, an entropy-based method is proposed to analyze the numerous IDS alerts and detect real network attacks. We use Shannon entropy to examine the distribution of the source IP address, destination IP address, source threat and destination threat and datagram length of IDS alerts; employ Renyi cross entropy to fuse the Shannon entropy vector to detect network attack. In the experiment, we deploy the Snort to monitor part of Xi’an Jiaotong University (XJTU) campus network including 32 C-class network (more than 4000 users), and gather more than 40,000 alerts per hour on average. The entropy-based method is employed to analyze those alerts and detect network attacks. The experiment result shows that our method can detect 96% attacks with very low false alert rate.

Xiaojun Tong,Zhangquan Zhao,Huimin Shuai,Zhu Wang

DOI: https://doi.org/10.1109/WCINS.2010.5541811

2010-01-01

Abstract:At present there are some worm detection systems, primarily for a single LAN or with hardware router environment, which main use worm propagation characteristics for detection and has high false alarm rate, but it is not applicable for large-scale network for detecting. This paper presents a distributed worm detection technology, which is divided into two parts, client end and the console end program. The system uses the rule-based detection methods to monitor network worms, and the console side manages and coordinates the multiple side work of detecting. Experimental results show that the method can be good applicable for worms conduct surveillance based on a single or multiple local area network and is used for worm alarming, the method has high detection rate and low false alarm rate. © 2010 IEEE.

Xi Chen

DOI: https://doi.org/10.54254/2755-2721/38/20230530

2024-02-07

Abstract:With the widespread application of computer network technology, computer network security defense capability has become a focus of attention in various industries. The extensive use of computer information systems in various sectors has significantly improved work efficiency but has also introduced security risks and management issues. The deployment of network security detection and control systems allows for effective security monitoring and management of computer operations and real-time network information. This paper presents a computer network security detection and control system based on human-computer interaction, which enables users to handle daily key business processes. The work principles and overall architecture of the network security detection and control system are analyzed and demonstrated. It offers functions such as filtering options, address rules, network security detection, network unreachability, overall traffic analysis, subnet definition, fault diagnosis, and security analysis. Testing and analysis indicate that the systems design achieves the intended goals. In the application of network security features, it can effectively combine various forces to enhance the quality and efficiency of network security, making it widely applicable in various industry units.