摘要
为了有效提升传统入侵检测方法的检测效率,提出基于改进白名单过滤的跨网入侵检测方法。首先,组建有效的数据存储结构,设定相应的白名单规则及配置对报文数据进行初次过滤;然后,采用神经网络对白名单规则进行完善,将训练学习结果输入到过滤器中,二次过滤不符合白名单规则的报文数据;提高跨网异常通信检测率。最后,以粒子群优化算法为基础,引入自适应变异过程优化BP神经网络训练参数,避免BP神经网络训练学习结果陷入局部最优,保证检测结果的有效性。实验结果表明,与传统方法相比,所提方法的检测效率有很大程度的提升。
In order to effectively improve the detection efficiency of traditional intrusion detection methods,an in-ter-network intrusion detection method based on improved whitelist filtering is proposed.First,set up an effective da-ta storage structure,set the corresponding whitelist rules and configuration to filter the packet data for the first time;then,use the neural network to perfect the whitelist rules,input the training learning results into the filter,carry out the secondary filter of packet data that do not meet the whitelist rule,and improve the detection rate of cross-network anomaly communication.Finally,based on the particle swarm optimization algorithm,the adaptive mutation process is introduced to optimize the BP neural network training parameters,which avoids the BP neural network training learning results falling into local optimum and ensure the validity of the test results.The experimental results show that compared with the traditional method,the detection efficiency of the proposed method is greatly improved.
作者
刘洋
LIU Yang(People's Hospital,Peking University,Beijing 100044,China)
出处
《计算机仿真》
北大核心
2020年第1期385-389,共5页
Computer Simulation
关键词
改进白名单
过滤
跨网入侵检测
Improvedwhitelist
Filtering
Cross-network intrusion detection
