Abstract
This paper proposes a constant false alarm rate (CFAR) intrusion detection system based on an autoregressive moving average (ARMA) model of network traffic. The ARMA model is used to predict network traffic, and the CFAR technique from radar signal processing is used to choose the detection threshold that decides whether an intrusion signal is present. Simulations on the Lincoln Laboratory DARPA datasets show that, compared with an intrusion detection system (IDS) based on an autoregressive (AR) prediction model, the proposed method achieves a higher detection probability and a lower false alarm rate.
Source
Information Technology (《信息技术》)
2007, No. 5, pp. 14-16, 21 (4 pages in total)
Funding
Supported by the Ministry of Education's Scientific Research Start-up Fund for Returned Overseas Scholars