基于感知哈希矩阵的最近邻入侵检测算法

doi:10.3969/j.issn.0372-2112.2019.07.019

电子学报 ›› 2019, Vol. 47 ›› Issue (7): 1538-1546.DOI: 10.3969/j.issn.0372-2112.2019.07.019

基于感知哈希矩阵的最近邻入侵检测算法

江泽涛¹, 周谭盛子¹, 韩立尧²

1. 桂林电子科技大学计算机与信息安全学院, 广西桂林 541004;
2. 西北工业大学计算机学院, 陕西西安 710129

收稿日期:2018-07-21 修回日期:2019-02-26 出版日期:2019-07-25
- 作者简介:
- 江泽涛 男.1961年出生于江西南昌.博士、教授.主要研究方向为信息安全、图像处理.E-mail:zetaojiang@126.com;周谭盛子 女.1993年出生于安徽宣城.硕士研究生.主要研究方向为信息安全.
- 基金资助:
- 国家自然科学基金 (No.61572147，No.61762066，No.61876049）; 广西科技计划 (No.AC16380108）; 广西图像图形智能处理重点实验 (No.GIIP201701，No.GIIP201801，No.GIIP201802，No.GIIP201803）; 广西研究生教育创新计划 (No.2018YJCX46）; 江西省自然科学基金 (No.20171BAB212015）

Nearest Neighbor Intrusion Detection Method Based on Perceived Hash Matrix

JIANG Ze-tao¹, ZHOU Tan-sheng-zi¹, HAN Li-yao²

1. College of Computer and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China;
2. College of Computer Science and Technology, Northwestern Polytechnical University, Xi'an, Shaanxi 710129, China

Received:2018-07-21 Revised:2019-02-26 Online:2019-07-25 Published:2019-07-25
- Supported by:
- National Natural Science Foundation of China (No.61572147, No.61762066, No.61876049); Science and Technology Project of Guangxi Zhuang Autonomous Region (No.AC16380108); Guangxi Key Laboratory of Image and Graphic and Intelligent Processing (No.GIIP201701, No.GIIP201801, No.GIIP201802, No.GIIP201803); Postgraduate Education Innovation Plan of Guangxi Province (No.2018YJCX46); Natural Science Foundation of Jiangxi Province (No.20171BAB212015)

摘要/Abstract

摘要： 针对目前入侵检测效率不高的问题，本文提出一种基于感知哈希矩阵的最近邻入侵检测算法.首先计算训练集中入侵检测对象的感知哈希描述子，并将感知哈希描述子拼接成感知哈希矩阵；然后利用设计好的量化函数对矩阵中的哈希描述子进行量化，并按照感知哈希的性质对矩阵进行约简和调整；在入侵检测阶段用该矩阵快速定位与待检测对象最相近的K个样本，利用K近邻的投票原则完成入侵检测任务.通过理论分析及在KDDCUP99数据集上的相关实验验证了该方法以O（n）的时间复杂度来快速定位最近邻的K个样本，在保持高检测率的同时降低了存储和计算方面的开销，从而更加有效的保护网络环境.

关键词: 入侵检测, 感知哈希矩阵, 量化函数, K近邻, 检测率

Abstract: In view of the low efficiency of current intrusion detection,this paper proposes a Nearest Neighbor Intrusion Detection algorithm based on Perceptual Hash Matrix. Firstly, the perceptual Hash descriptors of the intrusion detection object in the training set is calculated, and the perceptual Hash descriptors are spliced into a perceptual Hash matrix; Then use the designed quantization function to quantize the Hash digest in the matrix, and reduce and adjust the matrix according to the nature of the perceived Hash. In the intrusion detection phase, the matrix is used to quickly locate K samples closest to the object to be detected, using K nearest neighbors(KNN)'s voting principles to complete intrusion detection tasks. Theoretical analysis and related experiments on the KDDCUP99 dataset show that the method can quickly locate the nearest neighbor K samples with the O(n) of time complexity, which can reduce the overhead of storage and calculation while maintaining high detection rate, and more effectively protect the network environment.

Key words: intrusion detection, perceptual Hash matrix, quantization function, KNN, detection rate

中图分类号:

TP393.08

江泽涛, 周谭盛子, 韩立尧. 基于感知哈希矩阵的最近邻入侵检测算法[J]. 电子学报, 2019, 47(7): 1538-1546.

JIANG Ze-tao, ZHOU Tan-sheng-zi, HAN Li-yao . Nearest Neighbor Intrusion Detection Method Based on Perceived Hash Matrix[J]. Acta Electronica Sinica, 2019, 47(7): 1538-1546.

参考文献

[1] 冯子豪.Snort在工业控制系统入侵检测领域的改进及应用[D].北京:北京邮电大学,2017.
[2] Prachi Deshpande,S C Sharma,et al.HIDS:A host based intrusion detection system for cloud computing environment[J].International Journal of System Assurance Engineering and Management,2018,9(3):567-576.
[3] 高妮,高岭,贺毅岳,王海.基于自动编码网络特征降维的轻量级入侵检测模型[J].电子学报,2017,45(3):730-739. GAO N,GAO L,HE YY,WANG H.A lightweight intrusion detection model based on autoencoder network with feature reduction[J].Acta Electronica Sinica,2017,45(3):730-739.(in Chinese)
[4] 张思聪,谢晓尧,徐洋.基于dCNN的入侵检测方法[J/OL].清华大学学报(自然科学版):1-9.https://doi.org/10.16511/j.cnki.qhdxxb.2019.22.004.[2019-01-06].
[5] 梁杰,陈嘉豪,张雪芹,等.基于独热编码和卷积神经网络的异常检测[J/OL].清华大学学报(自然科学版):1-7.https://doi.org/10.16511/j.cnki.qhdxxb.2018.25.061.[2019-01-06].
[6] Chawla A,Lee B,Fallon S,et al.Host based intrusion detection system with combined cnn/rnn model[A].Proceedings of Second International Workshop on AI in Security[C].Dublin,Ireland,2018.149-158.
[7] Wagh S,Neelwarna G,Kolhe S.A Comprehensive Analysis and Study in Intrusion Detection System Using k-NN Algorithm.Multi-disciplinary Trends in Artificial Intelligence[M].Berlin Heidelberg:Springer,2012.143-154.
[8] Jain P,Kulis B,Dhillon IS,Grauman K.Online metric learning and fast similarity search[A].Proceedings of the 21st International Conference on Neural Information Processing Systems NIPS'08[C].USA:Curran Associates Inc,2008.761-768.
[9] Friedman JH,Bentley JL,Finkel RA.An algorithm for finding best matches in logarithmic expected time[J].ACM Trans Math Softw,1977,3(3):209-226.
[10] Liu T,Moore AW,Gray A.Efficient exact K-NN and nonparametric classification in high dimensions[A].Proceedings of the 16th International Conference on Neural Information Processing Systems[C].MIT Press,2003.265-272.
[11] Stolfo S J,Fan W,Lee W K,et al.Cost-Based Modeling for Fraud and Intrusion Detection:Results from the JAM Project[EB/OL].http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html,2011-06-27.
[12] Johnstone I M,Lu A Y.Sparse principal components analysis[J/OL].https://www.ixueshu.com/document/de76061077a4d849318947a18e7f9386.html,2004-02-01.
[13] 牛夏牧,焦玉华.感知哈希综述[J].电子学报,2008,36(7):1405-1411. NIU X M,JIAO Y H.An overview of perception Hashing[J].Acta Electronica Sinica,2008,36(7):1405-1411.(in Chinese)
[14] Tipping M,Bishop C.Probabilistic principal component analysis[J].Journal of the Royal Statistical Society,Series B,61,Part 3:611-622.

[1]	胡向东, 李之涵. 基于胶囊网络的工业互联网入侵检测方法[J]. 电子学报, 2022, 50(6): 1457-1465.
[2]	刘文军, 郭志民, 吴春明, 阮伟, 周伯阳, 周宁, 吕卓. 基于深度学习的配电网无线通信入侵检测系统[J]. 电子学报, 2020, 48(8): 1538-1544.
[3]	杨晓玲, 冯山, 袁钟. 基于相对距离的反k近邻树离群点检测[J]. 电子学报, 2020, 48(5): 937-945.
[4]	刘金平, 何捷舟, 马天雨, 张五霞, 唐朝晖, 徐鹏飞. 基于KELM选择性集成的复杂网络环境入侵检测[J]. 电子学报, 2019, 47(5): 1070-1078.
[5]	李艳, 王纯子, 黄光球, 赵旭, 张斌, 李盈超. 网络安全态势感知分析框架与实现方法比较[J]. 电子学报, 2019, 47(4): 927-945.
[6]	钱亚冠, 卢红波, 纪守领, 周武杰, 吴淑慧, 雷景生, 陶祥兴. 一种针对基于SVM入侵检测系统的毒性攻击方法[J]. 电子学报, 2019, 47(1): 59-65.
[7]	高妮, 高岭, 贺毅岳, 王海. 基于自编码网络特征降维的轻量级入侵检测模型[J]. 电子学报, 2017, 45(3): 730-739.
[8]	朱顺痣, 黄亮, 周长利, 马樱. 一种基于兴趣点分布的匿名框KNN查询方法[J]. 电子学报, 2016, 44(10): 2423-2431.
[9]	伍之昂, 庄毅, 王有权, 曹杰. 基于特征选择的推荐系统托攻击检测算法[J]. 电子学报, 2012, 40(8): 1687-1693.
[10]	宁卓;孙知信;龚俭;张维维. 利用流量特征的GIDS报文分类优化算法[J]. 电子学报, 2012, 40(3): 530-537.
[11]	肖喜;翟起滨;田新广;陈小娟;叶润国. 基于Shell命令和多阶Markov链模型的用户伪装攻击检测[J]. 电子学报, 2011, 39(5): 1199-1204.
[12]	努尔布力;柴胜;李红炜;胡亮;. 一种基于Choquet模糊积分的入侵检测警报关联方法[J]. 电子学报, 2011, 39(12): 2741-2747.
[13]	张昊;陶然;李志勇;蔡镇河. 基于KNN算法及禁忌搜索算法的特征选择方法在入侵检测中的应用研究[J]. 电子学报, 2009, 37(7): 1628-1632.
[14]	严宣辉. 应用疫苗接种策略的免疫入侵检测模型[J]. 电子学报, 2009, 37(4): 780-785.
[15]	周鸣争, 楚宁, 强俊. 基于构造性核覆盖算法的异常入侵检测[J]. 电子学报, 2007, 35(5): 862-867.

基于感知哈希矩阵的最近邻入侵检测算法

Nearest Neighbor Intrusion Detection Method Based on Perceived Hash Matrix

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics