HYBRID HIERARCHICAL NETWORK INTRUSION DETECTION
A prototype three-layer network intrusion detection system (NIDS) was designed to improve the veracity and efficiency of intrusion detection. The NIDS handles raw network-layer data, application-layer connection sessions, and user network behaviors. It monitors packet payloads at the network layer and analyzes application-layer attacks through packet reassembly and statistical processing. The system created profiles using Learning Vector Quantization (LVQ) and used the original LVQ algorithm to implement behavior classification. This approach exhibits the ability to detect both known and unknown network attacks. Experimental results show that the NIDS detects low-level network attacks effectively with a low false positive rate and performs very well in detecting unknown attacks, especially PROBE, DOS and U2R attacks.
Intrusion detection; profile; LVQ; state transition; KDD
HONG-YU YANG, LI-XIA XIE
Software Research Center, Civil Aviation University of China, Tianjin 300300, China; Tianjin Key Lab Software Research Center, Civil Aviation University of China, Tianjin 300300, China
International conference
2006 International Conference on Machine Learning and Cybernetics (IEEE Fifth Forum on Machine Learning and Cybernetics)
Dalian
English
2702-2706
2006-08-13 (date first made available online on the Wanfang platform; this is not the paper's publication date)