
Computer Engineering

• Security Technology •

Masquerade Intrusion Detection Based on Network Flow Statistical Data

LIU Wen-yi, XUE Zhi, WANG Yi-jun

  1. (School of Electronic Information and Electrical Engineering, Shanghai Jiaotong University, Shanghai 200240, China)
  • Received: 2013-06-18 Online: 2014-07-15 Published: 2014-07-14
  • About the authors: LIU Wen-yi (born 1989), female, master's student, main research interest: network and information security; XUE Zhi, professor and doctoral supervisor; WANG Yi-jun, lecturer.
  • Funding:
    Supported by the Open Project Fund of the Key Laboratory of Information Network Security, Ministry of Public Security (C12612).

Abstract: Masquerade intrusion is an attack in which an unauthorized user poses as a legitimate user to enter a system and access critical data or perform illegal operations. Existing masquerade detection methods mostly model user characteristics by retrieving the user's sensitive data. To avoid this violation of user privacy, this paper proposes a masquerade intrusion detection method based on network flow statistical data. Network flow statistics serve as the user characteristics, the modeling of these characteristics is described in detail, and a hybrid algorithm combining AdaBoost and Support Vector Machine (SVM) is used to train on and predict user behavior. Experiments on a real packet capture data set show that the method resists masquerade intrusion without violating user privacy, with a detection rate of 97.5%, a false positive rate of 1.1%, and a detection delay of only milliseconds, showing that its detection performance is better than that of existing masquerade intrusion detection methods.

Key words: masquerade intrusion, Support Vector Machine (SVM), network flow, machine learning, classifier, privacy protection

CLC number: