
Research on Intrusion Detection System Based on CBR Technology

Cited by: 1
Abstract: At present, mature commercial intrusion detection systems rely on exact matching against features or rules. If an attack pattern is too unusual, or the attacker uses techniques to evade detection, such systems tend to produce false positives or false negatives, which reduces the accuracy of the intrusion detection system. To address these shortcomings, this paper proposes an intrusion detection system model based on case-based reasoning (CBR). On the basis of that model it puts forward a Snort-based preprocessing model to avoid the excessive consumption of system resources caused by reasoning, a layered case-base maintenance model to solve the problems of case quality and access efficiency, and a variable-weight search and matching algorithm for the CBR engine to improve search precision. Simulation experiments show that the system can effectively solve the problem of evasion attacks and that its detection accuracy is improved compared with traditional systems.

Source: Journal of Information Engineering University, 2011, No. 3, pp. 363-368 (6 pages)

Funding: Supported by the National 863 Program of China (2009AA01A346)

Keywords: intrusion detection; case-based reasoning; Snort; construction of case base; case base maintenance; k-NN algorithm
