Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (30): 120-123.

• 网络、通信与安全 • Previous Articles     Next Articles

Instant intrusion detection system based on neural network

ZHONG Zhao-man1,LI Cun-hua2,3,GUAN Yan1,2   

  1. 1.Department of Computer,Lianyungang Teacher’s College,Lianyungang,Jiangsu 222006,China
    2.College of Information Engineering,Yangzhou University,Yangzhou,Jiangsu 225009,China
    3.Department of Computer Science,Huaihai Institute of Technology,Lianyungang,Jiangsu 222005,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-10-21 Published:2007-10-21
  • Contact: ZHONG Zhao-man

基于神经网络的实时入侵检测系统的研究和实现

仲兆满1,李存华2,3,管 燕1,2   

  1. 1.连云港师范高等专科学校 计算机科学与技术系,江苏 连云港 222006
    2.扬州大学 信息工程学院,江苏 扬州 225009
    3.淮海工学院,计算机科学与技术系,江苏 连云港 222005
  • 通讯作者: 仲兆满

Abstract: According to the characteristics of the attacks against TCP/IP protocol,transferring layer data packets can be classified into three types(namely UDP,TCP and ICMP) and handled respectively.The three types of packets are used as input to train and formulate different neural networks for intrusion detection.With the proposed method,a novel instant intrusion detection system is designed and achieved.The system has favorable usability,extensibility and the parameters of the network structure can be flexibly adjusted to achieve satisfactory detection performance.Experimental results prove that disposing data packets respectively can reduce the time of neural network training and improve the accuracy of network intrusion detection.

摘要: 根据TCP/IP协议族攻击的特征,提出在传输层上将捕获的数据包分成三类(UDP、TCP和ICMP)分别进行编码并输入到三个不同的神经网络中训练、检测。根据以上思想设计并实现了一个基于BP神经网络的实时入侵检测系统的原型。该原型系统具有通用性和可扩展性,能够根据需要灵活调整网络结构和训练参数,可以发展为更精确的网络入侵检测系统。最后给出了实验设计及其结果,证明了文中对数据包分类处理的方法既能减少网络训练的次数,又能提高网络检测的精度。