电子学报 ›› 2019, Vol. 47 ›› Issue (7): 1538-1546.DOI: 10.3969/j.issn.0372-2112.2019.07.019

• 学术论文 • 上一篇    下一篇

基于感知哈希矩阵的最近邻入侵检测算法

江泽涛1, 周谭盛子1, 韩立尧2   

  1. 1. 桂林电子科技大学计算机与信息安全学院, 广西桂林 541004;
    2. 西北工业大学计算机学院, 陕西西安 710129
  • 收稿日期:2018-07-21 修回日期:2019-02-26 出版日期:2019-07-25
    • 作者简介:
    • 江泽涛 男.1961年出生于江西南昌.博士、教授.主要研究方向为信息安全、图像处理.E-mail:zetaojiang@126.com;周谭盛子 女.1993年出生于安徽宣城.硕士研究生.主要研究方向为信息安全.
    • 基金资助:
    • 国家自然科学基金 (No.61572147,No.61762066,No.61876049); 广西科技计划 (No.AC16380108); 广西图像图形智能处理重点实验 (No.GIIP201701,No.GIIP201801,No.GIIP201802,No.GIIP201803); 广西研究生教育创新计划 (No.2018YJCX46); 江西省自然科学基金 (No.20171BAB212015)

Nearest Neighbor Intrusion Detection Method Based on Perceived Hash Matrix

JIANG Ze-tao1, ZHOU Tan-sheng-zi1, HAN Li-yao2   

  1. 1. College of Computer and Information Security, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China;
    2. College of Computer Science and Technology, Northwestern Polytechnical University, Xi'an, Shaanxi 710129, China
  • Received:2018-07-21 Revised:2019-02-26 Online:2019-07-25 Published:2019-07-25
    • Supported by:
    • National Natural Science Foundation of China (No.61572147, No.61762066, No.61876049); Science and Technology Project of Guangxi Zhuang Autonomous Region (No.AC16380108); Guangxi Key Laboratory of Image and Graphic and Intelligent Processing (No.GIIP201701, No.GIIP201801, No.GIIP201802, No.GIIP201803); Postgraduate Education Innovation Plan of Guangxi Province (No.2018YJCX46); Natural Science Foundation of Jiangxi Province (No.20171BAB212015)

摘要: 针对目前入侵检测效率不高的问题,本文提出一种基于感知哈希矩阵的最近邻入侵检测算法.首先计算训练集中入侵检测对象的感知哈希描述子,并将感知哈希描述子拼接成感知哈希矩阵;然后利用设计好的量化函数对矩阵中的哈希描述子进行量化,并按照感知哈希的性质对矩阵进行约简和调整;在入侵检测阶段用该矩阵快速定位与待检测对象最相近的K个样本,利用K近邻的投票原则完成入侵检测任务.通过理论分析及在KDDCUP99数据集上的相关实验验证了该方法以On)的时间复杂度来快速定位最近邻的K个样本,在保持高检测率的同时降低了存储和计算方面的开销,从而更加有效的保护网络环境.

关键词: 入侵检测, 感知哈希矩阵, 量化函数, K近邻, 检测率

Abstract: In view of the low efficiency of current intrusion detection,this paper proposes a Nearest Neighbor Intrusion Detection algorithm based on Perceptual Hash Matrix. Firstly, the perceptual Hash descriptors of the intrusion detection object in the training set is calculated, and the perceptual Hash descriptors are spliced into a perceptual Hash matrix; Then use the designed quantization function to quantize the Hash digest in the matrix, and reduce and adjust the matrix according to the nature of the perceived Hash. In the intrusion detection phase, the matrix is used to quickly locate K samples closest to the object to be detected, using K nearest neighbors(KNN)'s voting principles to complete intrusion detection tasks. Theoretical analysis and related experiments on the KDDCUP99 dataset show that the method can quickly locate the nearest neighbor K samples with the O(n) of time complexity, which can reduce the overhead of storage and calculation while maintaining high detection rate, and more effectively protect the network environment.

Key words: intrusion detection, perceptual Hash matrix, quantization function, KNN, detection rate

中图分类号: