1. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
2. Guizhou Provincial Key Laboratory of Public Big Data, Guiyang 550025, China
3. Institute of Cryptography and Data Security, Guizhou University, Guiyang 550025, China
TIAN Youliang (1982– ), male, born in Panxian, Guizhou; Ph.D., professor at Guizhou University. His main research interests are game theory, cryptography and security protocols.
WU Yulong (1995– ), male, born in Guiyang, Guizhou; master's student at Guizhou University. His main research interests are cryptography and network security.
LI Qiuxian (1992– ), female, born in Wenxian, Henan; master's student at Guizhou University. Her main research interests are cryptography and rational cryptographic protocols.
Online publication date: 2020-07
Print publication date: 2020-07-25
Youliang TIAN, Yulong WU, Qiuxian LI. Optimum response scheme of intrusion detection based on information theory[J]. Journal on Communications, 2020, 41(7): 121-130. DOI: 10.11959/j.issn.1000-436x.2020111.
Intrusion detection systems (IDS) inevitably produce false positives (FPs) and false negatives (FNs), which expose the protected system to major security risks, and at present no effective solution to this problem has been found. To address it, an optimal response model of intrusion detection based on information theory is proposed. First, the intruder and the IDS in the intrusion detection process are abstracted into random variables, and an attack and defense model of the intruder and the IDS is constructed according to the outcomes of their confrontation. Second, a defense channel of the IDS is designed according to the attack and defense model, so that correct detection by the IDS is transformed into the problem of successfully transmitting 1 bit of information over the defense channel. Finally, the defensive capability of the system is measured by analyzing the channel capacity of the defense channel: the maximum mutual information of the defense channel is the defensive limit capability of the IDS, and the corresponding strategy distribution is the optimal response strategy for the system's defensive capability. Experimental results show that the proposed scheme effectively reduces the losses caused by FPs and FNs.
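As an added worked example (not code from the paper), the defense channel described in the abstract is modelled as a binary channel: X records whether an intrusion occurs, Y whether the IDS raises an alarm, the FP and FN rates act as the channel's crossover probabilities, and the channel capacity is obtained by maximizing the mutual information over the intrusion probability. The error rates used are constructed values, and the two-point input distribution is an assumption about the paper's strategy space.

```python
import math


def h2(p: float) -> float:
    """Binary entropy H(p) in bits, with H(0) = H(1) = 0."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def mutual_information(p_attack: float, fp: float, fn: float) -> float:
    """I(X;Y) in bits for the defense channel.

    X = 1 if an intrusion occurs (probability p_attack), Y = 1 if the IDS alarms.
    P(Y=1 | X=0) = fp (false-positive rate), P(Y=0 | X=1) = fn (false-negative rate).
    A correct detection is one bit carried across the channel without error.
    """
    p_alarm = p_attack * (1.0 - fn) + (1.0 - p_attack) * fp   # P(Y=1)
    h_y_given_x = p_attack * h2(fn) + (1.0 - p_attack) * h2(fp)
    return h2(p_alarm) - h_y_given_x                           # H(Y) - H(Y|X)


def defense_capacity(fp: float, fn: float, iters: int = 200):
    """Channel capacity C = max_p I(X;Y) and the maximizing p_attack.

    I(X;Y) is concave in the input distribution, so a ternary search over
    p_attack in [0, 1] finds the maximum. C is the defensive limit of the IDS;
    the maximizing distribution is the best-response strategy profile.
    """
    lo, hi = 0.0, 1.0
    for _ in range(iters):
        m1 = lo + (hi - lo) / 3.0
        m2 = hi - (hi - lo) / 3.0
        if mutual_information(m1, fp, fn) < mutual_information(m2, fp, fn):
            lo = m1
        else:
            hi = m2
    p_star = (lo + hi) / 2.0
    return p_star, mutual_information(p_star, fp, fn)


if __name__ == "__main__":
    # Constructed FP/FN rates, not figures from the paper.
    for fp, fn in [(0.0, 0.0), (0.1, 0.1), (0.05, 0.30), (0.5, 0.5)]:
        p_star, cap = defense_capacity(fp, fn)
        print(f"fp={fp:.2f} fn={fn:.2f} -> capacity={cap:.4f} bit at p_attack={p_star:.3f}")
```

A perfect detector carries the full 1 bit; a detector whose FP and FN rates both reach 0.5 has capacity 0, since its alarms are independent of whether an intrusion occurred.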