Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (23): 164-166.

• 网络、通信与安全 • Previous Articles     Next Articles

Unsupervised Hebb rule based intrusion detection method

YAO Yao-zong1,LI De-chang1,LI Hui-ying1,JIN Xing2   

  1. 1.College of Computer Science and Technology,Jilin University,Changchun 130012,China
    2.College of Software,Jilin University,Changchun 130012,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-08-11 Published:2007-08-11
  • Contact: YAO Yao-zong

基于无监督Hebb规则的入侵检测方法

么耀宗1,李德昌1,李慧盈1,金 星2   

  1. 1.吉林大学 计算机科学与技术学院,长春 130012
    2.吉林大学 软件学院,长春 130012
  • 通讯作者: 么耀宗

Abstract: Through analyzing existing intrusion detection methods,an unsupervised Hebb rule based intrusion detection method is put forward.All the network data grams can be caught through an efficient method.The network behavior variables are defined by the caught data gram information.Hebb rule is used to build the network behavior model.After building the behavior model,intrusion behavior can be detected through Hamming distance method.The experimental results prove that the intrusion detection method based on Hebb rule can correctly build the network behavior model and detect abnormal behavior in local area network accurately.

Key words: intrusion detection, Hebb rule, data gram, Hamming distance

摘要: 通过分析现有的入侵检测方法,提出了一个基于无监督Hebb规则的入侵检测方法。此方法采用高效的抓包工具抓取计算机网络数据包;根据抓取到的网络数据包的信息定义行为变量;根据无监督的Hebb规则构建网络行为模型;采用Hamming距离进行检测。实验证明该方法能够正确地构造网络行为模型,并能准确地检测出异常行为。

关键词: 入侵检测, Hebb规则, 数据包, Hamming距离