Computer Science (计算机科学) ›› 2018, Vol. 45 ›› Issue (6A): 364-370.

• Information Security •

Research on Network Attack Detection Based on Self-adaptive Immune Computing

CHEN Jin-yin (陈晋音), XU Xuan-yan (徐轩桁), SU Meng-meng (苏蒙蒙)

  1. College of Information and Engineering, Zhejiang University of Technology, Hangzhou 310023, China
  • Online: 2018-06-20 Published: 2018-08-03
  • About the authors: CHEN Jin-yin (born 1982), female, associate professor; main research interests: network security, data mining, intelligent computing. XU Xuan-yan (born 1994), male, master's student; main research interest: network security.
  • Funding: Supported by the National Natural Science Foundation of China Youth Fund (61502423) and the Special Project of the Zhejiang Provincial Department of Science and Technology for Research Institutes (2016F50047).

Abstract: The Internet is inherently open and interactive, which lets an attacker exploit network vulnerabilities to damage the network. Network attacks are generally stealthy and highly damaging, so detecting them effectively is extremely important. Most detection algorithms can detect only one class of network attack and have high detection latency; to address this, this paper proposes a negative selection algorithm based on density-based automatic partition clustering of the self set, referred to as DAPC-NSA. The algorithm uses a density-based clustering algorithm to preprocess the self training data: it performs cluster analysis on the training data, removes noise, and generates the self detectors. It then generates the nonself detectors from the self detectors, and uses both the self detectors and the nonself detectors to detect anomalies. A simulated intrusion detection experiment was carried out. The results show that the algorithm can detect six kinds of attacks simultaneously with a higher detection rate and a lower false alarm rate than the other detection algorithms compared, and that its detection time is short enough to achieve real-time detection.

Key words: Attack detection, DAPC-NSA, Detectors, Network attack simulation, Network security, Self-adaptive immune
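To make the pipeline in the abstract concrete (density-based cleaning of the self set, self detectors from the surviving clusters, nonself detectors generated by negative selection against them, and classification with both detector sets), here is an added example in Python. It is not the paper's DAPC-NSA implementation and not the authors' code: it assumes 2-D feature vectors scaled to [0, 1], a minimal DBSCAN for the density step, one hypersphere per cluster as the self detector, and variable-sized nonself detectors whose radius is the gap to the nearest self detector (the V-detector idea). All training samples are constructed, and the function and parameter names (`density_cluster`, `build_self_detectors`, `generate_nonself_detectors`, `classify`, `eps`, `min_pts`, `margin`) are this example's own.

```python
"""Toy real-valued negative selection with density-based self-set cleaning.

Added example, not the paper's DAPC-NSA. Assumes 2-D feature vectors
normalised to [0, 1]; every sample below is constructed for illustration.
"""
import math
import random

# Constructed "self" (normal traffic) training set: two tight clusters of
# normalised features (e.g. packets/s, connections/s) plus two noise points.
SELF_TRAINING = [
    (0.18, 0.28), (0.20, 0.30), (0.22, 0.31), (0.19, 0.33), (0.21, 0.27), (0.23, 0.29),
    (0.58, 0.68), (0.60, 0.70), (0.62, 0.72), (0.59, 0.73), (0.61, 0.67), (0.63, 0.69),
    (0.90, 0.10), (0.05, 0.95),   # noise: mislabelled or rare "normal" samples
]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def density_cluster(points, eps, min_pts):
    """Minimal DBSCAN: returns (list of clusters, list of noise points).

    A point with at least min_pts neighbours (itself included) within eps is a
    core point; clusters grow from core points; unreachable points are noise.
    """
    labels = [None] * len(points)          # None = unvisited, -1 = noise
    neighbours = [[j for j in range(len(points)) if dist(points[i], points[j]) <= eps]
                  for i in range(len(points))]
    cluster_id = 0
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        if len(neighbours[i]) < min_pts:
            labels[i] = -1                    # provisional noise; may become a border point
            continue
        labels[i] = cluster_id
        queue = list(neighbours[i])
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster_id        # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cluster_id
            if len(neighbours[j]) >= min_pts:
                queue.extend(neighbours[j])   # expand only through core points
        cluster_id += 1
    clusters = [[p for p, l in zip(points, labels) if l == c] for c in range(cluster_id)]
    noise = [p for p, l in zip(points, labels) if l == -1]
    return clusters, noise


def build_self_detectors(clusters, margin=0.02):
    """One hypersphere per cluster: centre = mean, radius = farthest member + margin."""
    detectors = []
    for members in clusters:
        n = len(members)
        centre = tuple(sum(p[k] for p in members) / n for k in range(len(members[0])))
        radius = max(dist(centre, p) for p in members) + margin
        detectors.append((centre, radius))
    return detectors


def generate_nonself_detectors(self_detectors, count, dim=2, max_attempts=5000, seed=1):
    """Negative selection with variable-sized detectors: a random candidate that
    falls inside any self detector is rejected; a survivor's radius is the gap to
    the nearest self detector, so it never overlaps the self region."""
    rng = random.Random(seed)
    detectors = []
    for _ in range(max_attempts):
        if len(detectors) >= count:
            break
        cand = tuple(rng.random() for _ in range(dim))
        gaps = [dist(cand, c) - r for c, r in self_detectors]
        if min(gaps) <= 0:
            continue                          # candidate matches self: discard it
        detectors.append((cand, min(gaps)))
    return detectors


def classify(sample, self_detectors, nonself_detectors):
    """'self' if covered by a self detector, 'anomaly' if covered by a nonself
    detector, otherwise 'unknown' (a coverage gap worth logging, not ignoring)."""
    if any(dist(sample, c) <= r for c, r in self_detectors):
        return "self"
    if any(dist(sample, c) <= r for c, r in nonself_detectors):
        return "anomaly"
    return "unknown"


def train(points=SELF_TRAINING, eps=0.08, min_pts=3, n_nonself=50):
    clusters, noise = density_cluster(points, eps, min_pts)
    self_dets = build_self_detectors(clusters)
    nonself_dets = generate_nonself_detectors(self_dets, n_nonself)
    return self_dets, nonself_dets, noise


if __name__ == "__main__":
    self_dets, nonself_dets, noise = train()
    print(f"{len(self_dets)} self detectors, {len(nonself_dets)} nonself detectors, "
          f"{len(noise)} noise samples dropped")
    for s in [(0.20, 0.30), (0.61, 0.70), (0.90, 0.90)]:
        print(s, "->", classify(s, self_dets, nonself_dets))
```

Two points of the design matter for a detector in production. First, the noise points removed by the density step would otherwise inflate a self detector's radius (or become their own tiny "self" region), which is exactly how an attacker's traffic that leaked into the training set gets whitelisted; dropping low-density samples limits that. Second, `classify` distinguishes "anomaly" (a nonself detector fired) from "unknown" (neither set covers the sample): the second case measures the coverage of the nonself detector set, and a real deployment should report it rather than silently treat it as normal.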

CLC number: TP183