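Abstract
This paper explores the feasibility of building a practical anomaly detection system for network intrusion, given new network hardware and software environments and a variety of new attack tools and methods. To this end, it sets up a Linux-host-based intrusion detection experimental environment, carries out attacks while multiple normal services are being provided simultaneously, extracts features, and applies a least squares support vector machine (LS-SVM) to detect intrusions. The results show that the detection system is reasonably designed and that the feature extraction and detection methods are effective.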
This paper aims at exploring the feasibility of establishing an anomaly detection system for network intrusion under the up-to-date hardware and software environment and all sorts of newly invented attacking tools and methods. For this purpose, a Linux-hosted intrusion detection experimental system is set up, attacks are launched while the Linux server is providing normal services, and an LS-SVM classifier is then used as an intrusion detector, which uses features extracted in real time. The experiment shows that the anomaly detection system is reasonably designed, the extracted features are effective, and the IDS can accurately detect both known and unknown attacks.
Source
《计算机工程与应用》
CSCD
Peking University Core Journal
2005, Issue 2, pp. 120-124 (5 pages)
Computer Engineering and Applications
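Funding
National Natural Science Foundation of China (Grant No. 69974014)
National Key Basic Research Development Program (Grant No. 2002CB32200)
Key Science and Technology Research Project of the Ministry of Education (Grant No. 00053)
Keywords
Support vector machine
Intrusion detection
Feature extraction
Anomaly detection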
Support Vector Machines (SVM), Intrusion Detection System (IDS), feature extraction, anomaly detection