
Distributed intrusion detection approach based on the Spark framework

Cited by: 5
Abstract: To detect attacks and malicious behavior in real time with a low false alarm rate and a high detection rate, a distributed data stream clustering method, DSCLS, is proposed, based on the Spark framework and the locality-sensitive hashing (LSH) algorithm. The method handles real-time data streams and can scale out horizontally across nodes according to the data flow rate. A network intrusion detection prototype system was built on the DSCLS distributed clustering algorithm. The system analyzes data streams in real time at high speed, clusters related patterns, detects known attacks and intrusions in real time, and can also detect new, previously unknown attacks. Theoretical analysis and experimental results show that, compared with the mainstream data stream clustering algorithm D-Stream, DSCLS effectively improves the detection rate and reduces the false positive rate, and has advantages in time performance and scalability.
Source: Computer Engineering and Design (《计算机工程与设计》), PKU Core journal (北大核心), 2015, No. 7, pp. 1720-1726, 7 pages
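Funding: National 973 Key Basic Research Development Program of China (2007CB310803); Key Program of the National Natural Science Foundation of China (61035004); National Natural Science Foundation of China (60875029)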
Keywords: intrusion detection; data stream; clustering; locality-sensitive hashing; DSCLS algorithm