Abstract
In view of the poor intrusion detection performance of the traditional cooperative network intrusion detection system, a cooperative network intrusion detection system based on a bilateral transfer probability matrix is designed. The hardware configuration of the system is a data acquisition module, which consists of an acquisition engine, a packer and a data processor. The software of the system consists of a collaboration module, an intrusion detection module, a packet capture module and a data analysis module. The collaboration module is composed of three units: a collaborative data collection unit, a collaborative data analysis unit and a collaborative system response unit. The intrusion detection module is responsible for mining and evaluating data feature patterns, and for comparing the mined feature patterns with the feature pattern templates in the knowledge base according to its thresholds; when the similarity between a template and a mined feature pattern is high, an alarm is raised, and intrusion detection is thereby carried out. The packet capture module captures packets by means of a half-polling packet capture technique. The data analysis module is responsible for parsing the data. Hardware and software are combined to achieve collaborative network intrusion detection. To demonstrate that the system has better intrusion detection performance, a comparative experiment is carried out between the traditional cooperative network intrusion detection system and the proposed system; the experimental results show that the intrusion detection performance of the proposed system is better than that of the traditional system.
Authors
LIU Guanxiu (刘冠秀); HE Baiqing (何柏青)
School of Information Technology, Shangqiu Normal University, Shangqiu 476000, China; Nanchang Institute of Technology, Nanchang 330013, China
Source
Modern Electronics Technique (《现代电子技术》)
2021, No. 14, pp. 133-137 (5 pages)
Funding
National Natural Science Foundation of China project (61461033).
Keywords
intrusion detection
cooperative network
bilateral transfer probability matrix
system design
data acquisition
data packet capture
data analysis