Computer Engineering and Applications ›› 2009, Vol. 45 ›› Issue (17): 88-90. DOI: 10.3778/j.issn.1002-8331.2009.17.027

• Network, Communication and Security •

Research on intrusion detection with self-adaptability for high-speed network

SHI Zhi-cai

  1. Electronic & Electric Engineering Institute, Shanghai University of Engineering Science, Shanghai 201620, China
  • Received: 2008-04-07 Revised: 2008-06-30 Online: 2009-06-11 Published: 2009-06-11
  • Contact: SHI Zhi-cai

Abstract: To detect intrusions in high-speed networks, the mechanism of intrusion detection is discussed. Intrusion detection is reduced to an inference procedure on an incomplete data set. The concepts of self-similarity degree and completeness degree of the knowledge base are proposed and used to control the scale and growth rate of the knowledge base, so that intrusion detection is guaranteed to search within a space of limited size. At the same time, information gain and similar methods are used to move intrusion detection into a lower-dimensional space. The experimental results show that the proposed method effectively reduces the computational load of intrusion detection systems and improves their real-time response performance.

Key words: computer network, information security, intrusion detection