
Multi-level anomaly based autonomic intrusion detection system.


Abstract

The rapid growth and deployment of network technologies and Internet services has made security and management of networks a challenging research problem. This growth is accompanied by an exponential growth in the number of network attacks, which have become more complex, more organized, more dynamic, and more severe than ever. Current network protection techniques are static, slow in responding to attacks, and inefficient due to the large number of false alarms. Attack detection systems can be broadly classified as being signature-based, classification-based, or anomaly-based. In this dissertation, I present a multi-level anomaly based autonomic network defense system which can efficiently detect both known and unknown types of network attacks with a high detection rate and low false alarms. The system uses autonomic computing to automate the control and management of the multi-level intrusion detection system and to integrate the different components of the system. The system defends the network by detecting anomalies in network operations that may have been caused by network attacks. Like other anomaly detection systems, AND captures a profile of normal network behavior.

In this dissertation, I introduce experimental results that evaluate the effectiveness and performance of the multi-level anomaly based autonomic network intrusion detection system in detecting network attacks. The system consists of monitoring modules, feature aggregation and correlation modules, behavior analysis modules, a decision fusion module, a global visualization module, a risk and impact analysis module, an action module, an attack classification module, and the adaptive learning module. I have successfully implemented a prototype system based on my multi-level anomaly based approach. The experimental results and evaluation of our prototype show that our multi-level intrusion detection system can efficiently and effectively detect and protect against any type of network attack, known or unknown, in real time. Furthermore, the overhead of our approach is insignificant on the normal network operations and services.