
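Research on Packet Sampling Strategies for Network-Based Intrusion Detection Systems
Authors: WANG Wei-Ping, ZHU Wei-Wei, CHEN Wen-Hui, LIANG Liang
Affiliation: Department of Information Management and Decision Science, University of Science and Technology of China, Hefei, Anhui 230052
Abstract: Intrusion detection is an important part of information security research. A network-based intrusion detection system detects intrusions by analyzing in detail the network packets transmitted across a computer network. Because the detection rate does not match the packet capture rate, and because the cost of detection is limited, an effective sampling strategy must be chosen when collecting the network packets used for detection. This paper introduces the original intrusion packet sampling strategy built on a game model framework, and then analyzes and extends it. To address the defects and shortcomings of a single sampling strategy, the paper introduces the idea of risk management to analyze the choice of sampling strategy under different utility preferences of the decision maker, and uses a concrete example to illustrate the effectiveness of choosing a sampling strategy based on risk differences.

Keywords: intrusion detection, sampling strategy, game-theoretic approach, risk management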

An Analyse of Packet Sampling Strategy of Network-based Intrusion Detection System
Authors: WANG Wei-Ping, ZHU Wei-Wei, CHEN Wen-Hui, LIANG Liang
Institution: School of Management, University of Science & Technology of China, Hefei 230052, China
Abstract: Intrusion detection is an important part of information security research, and a network-based intrusion detection system accomplishes detection by examining network packets. Since sampling entails incurring network costs for real-time packet sampling and packet examination hardware, we would like to develop a network packet sampling strategy that effectively detects network intrusions while not exceeding the velocity of the packet examination. We consider this problem in a game-theoretic framework and introduce sampling schemes that are optimal in this game-theoretic setting by the Minimax theorem and the max-flow min-cut theorem. Given the limitations and shortcomings of this single intrusion node method, we introduce a risk management method and extend the solution to more complex cases, to address the choice of sampling strategy in more varied environments. Finally, we provide an empirical study to exemplify our improved method.
Keywords: intrusion detection, sampling strategy, game-theoretic approach, risk management