摘要
分布式网络采用网状拓扑结构,传输链路数很大,在提高网络稳定性的同时也相应增加了遭受恶意入侵的风险。针对传统网络入侵行为检测系统设计存在的检测耗时长、准确率低、误报率高等不足,提出基于时序关联规则的分布式网络入侵攻击行为检测系统。基于时序关联规则算法原理,设计了入侵检测系统的硬件构成,系统硬件部分由数据采集、规则解析、协议解码、数据预处理及检测分析模块等部分构成;在入侵检测系统的软件算法流程方面,重点将入侵数据集变换为一种基于时序的项集矩阵,求解出相关的频繁项集及时序关联规则,实现对分布式网络入侵行为的精确检测。实验数据表明,提出的入侵系统设计具有良好的系统稳定性及检测效率,在检测精度和误报率控制方面也具有优势。
The distributed network adopting the mesh topology structure has a large number of transmission links,which can improve the network stability and increase the risk of vicious intrusion attacks.In view of the long time consumption,low accuracy and high false alarm rate existing in the traditional network intrusion behavior detection system,the research on distributed network intrusion behavior detection system based on temporal sequence association rules is proposed.On the principle of temporal sequence association rules algorithm,the hardware component of the intrusion detection system was designed.The hardware of the system is composed of data acquisition module,rules analysis module,protocol decoding module,data preprocessing module and detection analysis module.According to the process of software algorithm of intrusion detection system,the intrusion data set is converted into a item-set matrix based on time sequence to solve the relevant frequent item sets and time sequence association rules,and realize the accurate detection of the distributed network intrusion.The experimental data shows that the intrusion detection system has strong system stability and high detection efficiency,and advantages in detection accuracy and false positive rate control.
出处
《现代电子技术》
北大核心
2018年第3期107-110,共4页
Modern Electronics Technique
基金
基于OO的分布式JSON数据管理系统的研究与实践(zdkt2016-004)项目资助~~
关键词
分布式网络
时序关联规则
协议
入侵行为
检测
系统设计
distributed network
temporal sequence association rule
protocol
intrusion behavior
detection
system design
