Research on a Snort Anomaly Detection Preprocessor Plug-in Based on Cascaded AdaBoost
Zhang Xuesong (张雪松)
[Journal] Science Technology and Engineering (《科学技术与工程》) [Year (Vol.), Issue] 2011, Vol. 11, No. 17
[Abstract] A new preprocessor plug-in is added to the preprocessing stage of the open-source network intrusion detection system Snort. The plug-in uses an improved AdaBoost algorithm to extract features of anomalous network traffic and to construct the AdaBoost classifier at each level; multiple AdaBoost classifiers are then linearly combined in a cascaded structure to jointly perform intrusion detection, with the combination coefficients obtained through adaptive learning. Experiments show that the plug-in can effectively detect anomalous network traffic that has no matching signature in the Snort rule set, reduce Snort's false negative and false positive rates for anomalous traffic detection, and meet the real-time requirements of intrusion detection in high-speed network environments.