
Research on a Scheme for Training Snort Intrusion Detection Rules Using Bayesian Prediction and Back-Propagation Neural Networks

pp. 963-969

Keywords: distributed denial-of-service (DDoS) attack, Bayesian model (Bayes), error back-propagation neural network, data training, intrusion detection system (IDS)


Abstract:

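Among network security problems, distributed denial-of-service (DDoS) attacks seriously threaten the existing Internet. Defenses against DDoS attacks based on neural network algorithms cannot be put into large-scale commercial use, because existing algorithms converge poorly and filter DDoS attack packets too slowly. To address this problem, this paper proposes using the SNORT intrusion detection platform: captured network packets are normalized, and a Bayesian model performs a preliminary separation of normal and abnormal data, which reduces the redundant training data fed into the neural network. An improved back-propagation neural network is then used for preliminary data training, the data produced by training is used to optimize the detection model, and defense rules are generated automatically. The advantages are: 1) partial improvements implemented on the Linux system make existing packet filtering more efficient, so that attacks can be rejected before they take effect at the target; 2) the Bayesian model reduces the input of duplicate and unnecessary data, and the improved neural network algorithm speeds up training convergence, which makes it easier to re-formulate and re-learn rules to guard against new attacks. Experiments show that the proposed scheme improves, to a certain extent, the processing speed of existing neural-network-based defenses against DDoS attacks, can also defend against some unknown DDoS attacks, further improves the convergence speed of the training algorithm, and can improve the performance of adaptive anti-DDoS software at the software level.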

