Article details | |
Article title | An Intrusion Detection System Based on a Quantitative Model of Interaction Mode Between Ports |
Publication | 2019 article |
Number of pages of the English article | 16 pages |
Database | IEEE |
Type of writing | Research Article |
Base paper | This article is not a base paper |
Index | Scopus – Master Journals List – JCR |
Article type | ISI |
English article format | |
Impact factor (IF) | 4.641 in 2018 |
H-index | 56 in 2019 |
SJR | 0.609 in 2018 |
ISSN | 2169-3536 |
Quartile | Q2 in 2018 |
Conceptual model | None |
Questionnaire | None |
Variable | None |
References | Yes |
Related fields | Computer engineering, information technology engineering |
Related specializations | Artificial intelligence, computer networks |
Presentation type | Journal |
Journal / conference | IEEE Access |
University | Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin University of Technology, Tianjin 300384, China |
Keywords | Anomaly detection, interaction mode between ports, intrusion detection, neural network, phase space reconstruction |
DOI | https://doi.org/10.1109/ACCESS.2019.2951839 |
Table of contents of the article:
Abstract
I. Introduction
II. Related Works
III. PIMDL Model and its Characteristic Analysis
IV. Neural Network and Intrusion Detection
V. Experimental Results Analysis
References

Excerpt from the article text:
Abstract
Considering the characteristics of network traffic on the data link layer, such as massive high-speed data flow, information camouflaged easily, and the phenomenon that abnormal traffic is much smaller than the normal one, an intrusion detection system (IDS) based on the quantitative model of interaction mode between ports is proposed. The model gives the quantitative expression of Port Interaction Mode in Data Link Layer (PIMDL), focusing on improving the accuracy and efficiency of the intrusion detection by taking the arrival time distribution of traffic. The feasibility of the model proposed is proved by the phase space reconstruction and visualization method. According to the characteristics of long and short sessions, a neural network based on CNN and LSTM is designed to mine the differences between normal and abnormal models. On this basis, an improved Intrusion Detection algorithm based on a multi-model scoring mechanism is designed to classify sessions in model space. And the experiments show that the quantitative model and the improved algorithm proposed can not only effectively avoid camouflage identity information, but also improve computational efficiency, as well as increase the accuracy of small sample anomaly detection.

Introduction
To avoid the serious losses caused by network attacks, it is important to build an effective intrusion detection model to explore the existing characteristic rules in mass traffic data. As a branch of machine learning, deep learning can recognize the internal law of a certain kind of things to the maximum through training multilayer neural network, so it has a unique advantage to explore the internal law of abnormal attack traffic in massive network traffic data. Among the many problems involved in intrusion detection, the anomaly detection method is the most important one, and its key point is to design a feature set that can accurately describe network traffic [1], [2].
At present, many data sets, such as KDD’99 [3], NSL-KDD [4], UNSW-NB15 [5], CIC-IDS-2017 [6], ISCX [7], which are widely used in intrusion detection systems, have a large capacity and rich characteristics, and the neural network can be used to mine the internal rules of these data sets to realize the intrusion detection. There are a lot of achievements in previous studies, while ignoring several problems. Firstly, to obtain the previous feature set from the initial traffic, it is necessary to check all the traffic data in the first two seconds and the first 100 connections at the end of the session. However, the intrusion detection system cannot be too complex because of the massive and high-speed traffic characteristics; in practice, according to previous research methods, building feature sets from the real-time generated initial traffic will cause a lot of computational burdens. Secondly, previous studies have trained neural networks based on a large number of high-level protocol information (e.g. logon status, flag). When attackers camouflage these attributes, the classification accuracy of neural networks will be greatly affected.