张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Lei Deng,De-yuan Gao

DOI: https://doi.org/10.1109/nswctc.2009.87

2009-01-01

Abstract:Intrusion Detection Systems (IDSs) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. This paper proposes an Immune based Adaptive Intrusion Detection System Model (IAIDSM). Analyzing the training data obtaining from internet, the self behavior set and nonself behavior set can be obtained by the partitional clustering algorithm, then it extracts Self and nonself pattern sets from these two behavior sets by association rules and sequential patterns mining. The Self and nonself sets can update automatically and constantly online. So IAIDSM improves the ability of detecting new type intrusions and the adaptability of the system.

Ling ZHANG,Zhong-ying BAI,Yun-long LU,Ya-xing ZHA,Zhen-wen LI

DOI: https://doi.org/10.1016/s1005-8885(14)60290-9

2014-01-01

Abstract:The author puts forward an integrated intrusion detection (ID) model based on artificial immune (IIDAI), a vaccination strategy based on the significance degree of genes and a method to generate initial memory antibodies with rough set (RS). IIDAI integrates two kinds of intrusion detection mode: misuse detection and anonymous detection. Misuse detection and anonymous detection are applied to detect the known and the unknown attacks, respectively. On the basis of IIDAI model, an ID algorithm is presented. Simulation shows that the IIDAI has better performance than traditional ID methods in feasibility and effectiveness. It is very prone to achieve a higher convergence rate by using the vaccination strategy. Moreover, RS can remove the redundancy attributes and increase the detection speed. It can also increase detection rate by applying the integrated method.

Zhi-Yong Liu,Hong Qiao

DOI: https://doi.org/10.1007/11734628_26

2006-01-01

Abstract:Network security is an important issue for Intelligence and Security Informatics (ISI) [1-3]. As a complementary measure for traditional network security tools such as firewalls, the intrusion detection system (IDS) is becoming increasingly important and widely-used [4]. Generally speaking, the IDS works by building a model based on the normal data patterns and treating the operations that deviated significantly from the model as malicious. In its early stage of development, the IDS takes certain statistics (e.g., mean and variance) of the audit data to discriminate between the normal usage and attacks. Such systems are easy to construct; however, they suffer from a poor generalization ability to detect unknown or new attacks. Recently other models such as the finite Markov mode [5] and support vector machines [6] have been introduced into IDS, providing finer-grained characterization of normal users' behavior. In this report we investigate the potential application of the Hidden Markov Model (HMM) for intrusion detection.

ZHANG Ling,BAI Zhong-ying,LUO Shou-shan,XIE Kang,CUI Guan-ning,SUN Mao-hua

DOI: https://doi.org/10.3969/j.issn.1000-436x.2013.09.020

2013-01-01

Abstract:According to the problems of intrusion detection, an integrated intrusion detection model based on rough set and artificial immune (RSAI-IID) was proposed by using rough set and integrating misuse detection and anomaly detec-tion. The rough set method was used to achieve the vaccine which was injected in the model, to get better vaccine, and to optimum the performances of detection;misuse detection was used to get off the known intrusions; anomaly detection was used to detect the novel intrusions. RSAI-IID model was validated on KDD 99 dataset. The experimental results show its feasibility and effectiveness.

HU Jun-hua,ZHOU Yan-tao,GUO Ru-bing

DOI: https://doi.org/10.3321/j.issn:1000-2472.2006.06.028

2006-01-01

Abstract:Based on intrusion detection common intrusion detection framework(CIDF) architecture,a new network intrusion detection model of multi-data packages analysis was presented. In this model current affair was transacted by two steps through affair analyzer: First,we associated the current data packets with historical data packets,processed a clustering analysis and found out the historical data packets that were closely associated with current data packets;Then,we used Multiplayer Forward Neural Network to process a regression analysis to data packets,and obtained the results of intrusion detection.The simulation experimentation has proved that this model can check up the distribute intrusion affairs that is difficult to discover on traditional intrusion detection system(IDS).

王景新,戴葵,宋辉,王志英

DOI: https://doi.org/10.46382/mjbas.2022.6103

2022-01-01

Mediterranean Journal of Basic and Applied Sciences

Abstract:Artificial Intelligence (AI) breakthroughs in the last few years have accelerated dramatically as a result of the industry's vast technological use. Neural Networks (NN) is one of the most vital areas of AI, as they allow for commercial use of features that were previously not accessible via the use of computers. The Intrusion Detection System (IDS) is one of the areas in which Neural Networks are being extensively investigated to provide comprehensive computer network security and data confidentiality. During the realization of this work Artificial Neural Network (ANN) were used to shape the proposed model using a realistic CICIDS2017 dataset retrieved from the Canadian Institute for Cyber-Security (CIC) website. Following implementation and testing, it was discovered that the new model performs exceptionally well, with an average. In addition, the receiver operator characteristic curve (ROC) has a 9.999 % area under the Receiver Operator Characteristic Curve (AUC). Finally, it was discovered that the new model is exceptional and has a high level of accuracy. The new model will aid in an improved knowledge of various orders in which IDS research has been conducted. It will be useful for those working on AI-based solutions in IDS and similar domains. It is possible to enhance the new model's detection capabilities to incorporate all other lingering forms of incidents in this actual datasets, which contains all real-time and existing incidents.

Z Liu,L Tan,MT Zhou

DOI: https://doi.org/10.1142/9789812702654_0120

2004-01-01

Abstract:Among many kinds of IDSs(Intrusion Detection system),how to recognize and identify network intrusions is a base criterion to evaluate an IDS. Traditional IDS implements this by security rules matching. However, new network intrusions emerge in endlessly. Obviously this detecting way can't meet new situation's need and will be out of date in the near future. Aiming at this problem, This paper bring forward a new kind of recognition model of network intrusions which make use of immune antibody's self-organized learning ability and may accomplish the recognition for variation of network intrusions properly.

Wen Jie Tian,Ji Cheng Liu

DOI: https://doi.org/10.1109/CAR.2010.5456628

2010-01-01

Abstract:Intrusion Detection Systems (IDS) are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively in effective. Recently applying Artificial Intelligence, machine learning and data mining techniques to IDS are increasing. Artificial Intelligence plays a driving role in security services. An intrusion detection method based on neural network and particle swarm optimization algorithm (PSOA) is presented in this paper. The novel structure model has higher accuracy and faster convergence speed. With the ability of strong self-learning and faster convergence, this intrusion detection method can detect various intrusion behaviors rapidly and effectively by learning the typical intrusion characteristic information. Utilizing the character that rough set can keep the discernability of original dataset after reduction, the reduces of the original dataset are calculated and used to train neural network, which increase the detection accuracy. We apply this technique on KDD99 data set and get satisfactory results. The experimental result shows that this intrusion detection method is feasible and effective.

Zhaobin Liu

2006-01-01

Abstract:Based on detection prevention-data fusion analysis and data mining-response,a layered intrusion prevention system(IPS) model is proposed.The IPS based on multi-sensor data fusion and data mining has more reasonable and availability than single system.This work improves the traditional firework technology and intrusion detection system,solves the problem of intranet safety,failing to report and attacking with new DoS incurred because of it.The design is the generalization.So it can be extended to other enterprise easily.

Qingtao Wu,Ruijuan Zheng,Guanfeng Li,Juwei Zhang

DOI: https://doi.org/10.1016/j.proeng.2011.08.643

2011-01-01

Abstract:It is difficult to detect the intention of an intruder, identify semantics of attacks and predict further attacks effectively using intrusion detection methods in the construction of high-level attack scene and disposal of sophisticated attack. An intrusion intention identification method based on dynamic Bayesian network is proposed for indeterminate problems that occur during sophisticated network attacks. This method applies dynamic Bayesian directed acyclic graphs to give real-time formulation of incidence among attack behaviors, intentions and attacks. It also applies probabilistic reasoning method to predict further attacks by an intruder. The result reflects varying histories of the intention of an intruder and demonstrates the effectiveness of the method.

Jh Sun,H Jin,H Chen,Q Zhang,Zf Han

DOI: https://doi.org/10.1007/978-3-540-39927-8_34

2003-01-01

Abstract:Intrusion detection systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to identify intrusion effectively and accurately. However, the performance of misuse intrusion detection system (MIDS) or anomaly intrusion detection system (AIDS) is not satisfying. In this paper, we study the issue of building a compound intrusion detection model, which has the merits of MIDS and, AIDS. To build this compound model, we propose an improved Bayesian decision theorem. The improved Bayesian decision theorem brings some profits to this model: to eliminate the flaws of a narrow definition for intrusion patterns, to extend the known intrusions patterns to novel intrusions patterns, to reduce risks that detecting intrusion brings to system and to offer a method to build a compound intrusion detection model that integrates MIDS with AIDS.

Jh Sun,H Jin,H Chen,Zf Han,Dq Zou

DOI: https://doi.org/10.1007/978-3-540-45080-1_91

2003-01-01

Abstract:Intrusion Detection Systems (IDSs) have become a critical part of security systems. The goal of an intrusion detection system is to block intrusion effectively and accurately. However, the performance of IDS is not satisfying. In this paper, we study the issue of building a data mining based intrusion detection model to raise the detection performance. The key ideas are to use data mining techniques to discover consistent and useful patterns for intrusion and use the set of patterns to recognize intrusion. By applying statistics inference theory to this model, the patterns mined from a set of test data are effective to detect the attacks in the same category, and therefore can detect most novel attacks that are variants of known attacks.

CHEN Yue-bing,FENG Chao,ZHANG Quan,TANG Chao-jing

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.02.018

2012-01-01

Journal of Communications

Abstract:According to the practical requirements of intrusion detection,an integrated artificial immune system (IAIS) was proposed.The system combined dendritic cell algorithm(DCA)and negative selection algorithm(NSA).DCA was used to detect behavioral features.NSA was used to detect structural features.IAIS was validated on KDD 99 dataset.Comparisons to other approaches were made.The experimental results show that the detection performance of IAIS is comparable to classic classification algorithm.IAIS does not rely on labeled data to train detectors.It combines behavioral features and structural features to detect intrusions in real-time mode.

Chi Zhang

2010-01-01

Journal of Computer Applications

Abstract:A technique for intrusion detection based on Adaptive Neuro-Intuitionistic Fuzzy Inference System (ANIFIS) was proposed with intuitionistic fuzzy set theory introduced into the area of information security.First,the properties and vulnerabilities of the existing intrusion detection methods were analyzed,and a model for intrusion detection on ANIFIS with Takagi-Sugeno type was established.Then,the inference rules of the system were devised,computational relations between layers of input and output and a synthesized computational expression of system output were ascertained.Subsequently,a learning algorithm of neural network was proposed,which could adjust network structure and study network parameters.Finally,the test results verify the validity of the technique and rationality of constructed model by providing intrusion detection instances with KDD CUP 99 dataset.

QIN Bo-ping,ZHOU Xian-wei,SONG Cun-yi

DOI: https://doi.org/10.3321/j.issn:1000-436x.2005.11.018

2005-01-01

Abstract:To the limitation of current intrusion detection models, an idea of formulating an intrusion detection model system （TAIDS） based on the GMTH Two-level algorithm was presented. With the joint of two-level algorithm and GMDH multi-stage iterate method, TAIDS would construct models simultaneously with data from different time range, which could enlarge the time range of the detected intrusive behavior. Through the analysis of the target system, relations between influential factors in intrusion were searched and an optimal model was built, which would decrease the false retrieval and fallout ratio efficiently. System framework and model algorithm were given also. This model system is proved to be effective from the comparison of emulating experiments on Snort and NIDES detection system.

Liang-Min Wang,Jian-Feng Ma,Yong-Zhao Zhan

DOI: https://doi.org/10.1504/ijaac.2007.013300

2007-01-01

International Journal of Automation and Control

Abstract:Modelling the intrusion is an open problem in Intrusion Tolerance System. But we find that alerts from the sensors of Intrusion Detection System (IDS) are helpful to solve this problem. An intrusion model based on correlating these alerts is presented in this paper, in which we place our emphasis on correlating these alerts to the intruders' inherence. Firstly, we correlate the alerts from IDS sensor into meta-attack in the constructing algorithm and then define cover as the reduction of meta-attack. Secondly, we transform the cover to intrusion model and give the proofs of the equivalences among intrusion model, meta-attack and its cover. Thirdly, we present an algorithm for describing the intrusion model without employing manual work. Finally, we do some correlation experiments to evaluate and show the performances of both the intrusion model and the algorithms for constructing and describing this model.

王飞,钱玉文,王执铨

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.12.056

2010-01-01

Abstract:This paper proposes an intrusion detection model based on Artificial Immune System(AIS)/Self Organizing Map(SOM).It detects anomaly attack by AIS,and applies SOM to the detected-anomaly classification.This model can detect the unknown attaction and get more information about intrusion due to the combinition with the advantages of misuse detection and anomaly detection,and simulates it with KDDCUP 99 data.Experimental results show that the method is effective,which can classify the detected anomaly connections and give more information about such anomaly connection with low false rate and high positive rate.

GUO Chen,LIANG Jia-rong,WANG Hou-Qian

DOI: https://doi.org/10.3969/j.issn.1673-5196.2005.04.022

2005-01-01

Abstract:The general situation and running mechanism of danger mode were expounded and a novel model of intrusion detection system based on danger model immune algorithm was developed.The system exhibited remarkably its high-efficiency of processing and its self-adaptive evolutionary ability,providing a new approach to the field of network security.

LIAN Jie,WANG Jie,LI Su-min,ZHU Xiang-qian

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.19.014

2006-01-01

Abstract:The immune theory of artificial immune system is introduced,the current intrusion detection system and its problems are analyzed.In order to solve these problems,an intrusion detection system model based on AIS is put forward.Detection rules are produced by negative selection algorithm.In the end,an implemental case of this system is given.The proposed intrusion detection system is designed to be adaptable,autonomy and robustness.