Analysis and Classification of Methods for Network Attack Detection
Keywords:
network attacks, misuse detection, anomaly detection, network traffic
Abstract
This paper examines various methods for detecting network attacks. The main focus is on constructing a generalized classification scheme for network attack detection methods, presenting the essence of each method considered, and comparing the methods within the proposed classification scheme.
1. Лукацкий А.В. Обнаружение атак // СПб.: БХВ-Петербург. 2003. 608 с.
2. Kumar S., Spafford E.H. A Pattern Matching Model for Misuse Intrusion Detection // Proceedings of the 17th National Computer Security Conference. 1994. pp. 11–21.
3. Ghorbani A.A., Lu W., Tavallaee M. Network Intrusion Detection and Prevention: Concepts and Techniques // Springer Science & Business Media. 2009. 212 p.
4. Шаньгин В.Ф. Информационная безопасность компьютерных систем и сетей // М.: ИД «ФОРУМ»: ИНФРА-М. 2008. 416 с.
5. Anderson J.P. Computer Security Threat Monitoring and Surveillance // Technical report. Fort Washington, Pennsylvania. 1980.
6. Denning D.E. An Intrusion-Detection Model // IEEE Transactions on software engineering. 1987. vol. SE-13. Issue 2. pp. 222–232.
7. Jyothsna V., Prasad V.V.R. A Review of Anomaly Based Intrusion Detection Systems // International Journal of Computer Applications. 2011. vol. 28. no. 7. pp. 26–35.
8. Baddar S.A.-H., Merlo A., Migliardi M. Anomaly Detection in Computer Networks: A State-of-the-Art Review // Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 2014. vol. 5. no. 4. pp. 29–64.
9. Gyanchandani M., Rana J.L., Yadav R.N. Taxonomy of Anomaly Based Intrusion Detection System: A Review // International Journal of Scientific and Research Publications. 2012. vol. 2. Issue 12. pp. 1–13.
10. Tsai C.F., Hsub Y.F., Linc C.Y., Lin W.Y. Intrusion detection by machine learning: A review // Expert Systems with Applications. 2009. vol. 36. Issue 10. pp. 11994–12000.
11. Wu S.X., Banzhaf W. The Use of Computational Intelligence in Intrusion Detection Systems: A Review // Applied Soft Computing. 2010. vol. 10. Issue 1. pp. 1–35.
12. Kabiri P., Ghorbani A.A. Research on Intrusion Detection and Response: A Survey // International Journal of Network Security. 2005. vol. 1. no. 2. pp. 84–102.
13. Debar H., Dacier M., Wespi A. Towards a taxonomy of intrusion-detection systems // Computer Networks. 1999. vol. 31. Issue 8. pp. 805–822.
14. Barford P., Plonka D. Characteristics of Network Traffic Flow Anomalies // Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement. 2001. pp. 69–73.
15. Kim S.S., Reddy A.L. Statistical techniques for detecting traffic anomalies through packet header data // IEEE/ACM Transactions on Networking (TON). 2008. vol. 16. Issue 3. pp. 562–575.
16. Barford P., Kline J., Plonka D., Ron A. A signal analysis of network traffic anomalies // Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement. 2002. pp. 71–82.
17. Brindasri S., Saravanan K. Evaluation Of Network Intrusion Detection Using Markov Chain // International Journal on Cybernetics & Informatics (IJCI). 2014. vol. 3. no. 2. pp. 11–20.
18. Ye N., Chen Q. An Anomaly Detection Technique Based on a Chi‐square Statistic for Detecting Intrusions into Information Systems // Quality and Reliability Engineering International. 2001. vol. 17. Issue 2. pp. 105–112.
19. Brockwell P.J., Davis R.A. Introduction to Time Series and Forecasting // Springer Science & Business Media. 2006. 434 p.
20. Lee W., Xiang D. Information-theoretic measures for anomaly detection // Security and Privacy. 2001. pp. 130–143.
21. Gu Y., McCallum A., Towsley D. Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation // Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement. 2005. pp. 32–32.
22. Babaie T., Chawla S., Ardon S. Network Traffic Decomposition for Anomaly Detection // URL: http://arxiv.org/pdf/1403.0157.pdf, 2014 (Дата обращения: 08.03.2016).
23. Крылов В.В., Самохвалова С.С. Теория телетрафика и ее приложения // СПб.: БХВ-Петербург. 2005. 288 с.
24. Mazurek M., Dymora P. Network anomaly detection based on the statistical self-similarity factor for HTTP protocol // Przeglad elektrotechniczny, ISSN. 2014. pp. 127–130.
25. Lee K., Kim J., Kwon K.H., Han Y., Kim S. DDoS attack detection method using cluster analysis // Expert Systems with Applications. 2008. vol. 34. Issue 3. pp. 1659–1665.
26. Snort. Open Source Intrusion Detection System // URL: https://www.snort.org/ (дата обращения: 22.03.2016).
27. Suricata. Open Source IDS/IPS/NSM engine // URL: http://suricata-ids.org/ (дата обращения: 22.03.2016).
28. Ilgun K., Kemmerer R.A., Porras P.A. State Transition Analysis: A Rule-Based Intrusion Detection Approach // IEEE Transactions on Software Engineering. 1995. vol. 21. Issue 3. pp. 181–199.
29. Kumar S., Spafford E.H. A software architecture to support misuse intrusion detection // Proceedings of the 18th National Information Security Conference. 1995. pp. 194–204.
30. Zhu W., Zhou Q., Li P. Intrusion detection based on model checking timed interval temporal logic // IEEE International Conference on Information Theory and Information Security (ICITIS). 2010. pp. 503–505.
31. Kruegel C., Toth T. Using Decision Trees to Improve Signature-Based Intrusion Detection // Recent Advances in Intrusion Detection. 2003. pp. 173–191.
32. DARPA Intrusion Detection Data Sets // URL: https://www.ll.mit.edu/ideval/data/ (дата обращения: 22.03.2016).
33. Heckerman D. A Tutorial on Learning with Bayesian Networks // Innovations in Bayesian Networks: Theory and Applications. 2008. vol. 156. pp. 33–82.
34. Barbara D., Wu N., Jajodia S. Detecting Novel Network Intrusions Using Bayes Estimators // Proceedings of the First SIAM International Conference on Data Mining. 2001. pp. 1–17.
35. Mukkamala S., Sung A.H., Abraham A., Ramos V. Intrusion Detection Systems Using Adaptive Regression Splines // Sixth International Conference on Enterprise Information Systems. 2006. pp. 211–218.
36. Ranjan R., Sahoo G. A new clustering approach for anomaly intrusion detection // International Journal of Data Mining & Knowledge Management Process (IJDKP). 2014. vol. 4. no. 2. pp. 29–38.
37. Guan Y., Ghorbani A.A., Belacel N. Y-means: a clustering method for intrusion detection // Canadian Conference on Electrical and Computer Engineering, 2003. vol. 2. pp. 1083–1086.
38. Wang Y. A multinomial logistic regression modeling approach for anomaly intrusion detection // Computers & Security. 2005. vol. 24. Issue 8. pp. 662–674.
39. Sammany M., Sharawi M., El-Beltagy M., Saroit I. Artificial Neural Networks Architecture for Intrusion Detection Systems and Classification of Attacks // The 5th international conference INFO2007. 2007. pp. 24–26.
40. Moradi M., Zulkernine M. A Neural Network Based System for Intrusion Detection and Classification of Attacks // Proceedings of the IEEE International Conference on Advances in Intelligent Systems-Theory and Applications. 2004.
41. Selim S., Hashem M., Nazmy T.M. Intrusion Detection using Multi-Stage Neural Network // International Journal of Computer Science and Information Security (IJCSIS). 2010. vol. 8. no. 4. pp. 14–20.
42. Cannady J. Artificial Neural Networks for Misuse Detection // Proceedings of the 21st National Information Systems Security Conference. 1998. pp. 368–381.
43. Ryan J., Lin M.-J. Intrusion Detection with Neural Networks // Advances in Neural Information Processing Systems. 1998. pp. 943–949.
44. Tan K. The Application of Neural Networks to UNIX Computer Security // Proceedings of the IEEE International Conference on Neural Networks. 1995. vol. 1. pp. 476–481.
45. Sheth H., Shah B., Yagnik S. A survey on RBF Neural Network for Intrusion Detection System // Int. Journal of Engineering Research and Applications. 2014. vol. 4. Issue 12. pp. 17–22.
46. Gnosh A.K., Michael C., Schatz M. A Real-Time Intrusion Detection System Based on Learning Program Behavior // Proceedings of the 3rd International Workshop on Recent Advances in Intrusion Detection (RAID ’00). 2000. vol. 1907. pp. 93–109.
47. Hoglund A.J., Hatonen K., Sorvari A.S. A Computer Host-Based User Anomaly Detection System Using The Self-Organizing Map // Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks. 2000. vol. 5. pp. 411–416.
48. Wang W., Guan X., Zhang X., Yang L. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data // Computers & Security. 2006. vol. 25. Issue 7. pp. 539–550.
49. Bivens A., Palagiri C., Smith R., Szymanski B., Embrechts M. Network-Based Intrusion Detection Using Neural Networks // Intelligent Engineering Systems through Artificial Neural Networks. 2002. vol. 12. pp. 579–584.
50. Cannady J., Mahaffey J. The Application of Artificial Neural Networks to Misuse Detection: Initial Results // Proceedings of the 1st International Workshop on Recent Advances in Intrusion Detection. 1998.
51. Jirapummin C., Wattanapongsakorn N., Kanthamanon P. Hybrid Neural Networks for Intrusion Detection System // Proceedings of the 2002 International Technical Conference on Circuits, Systems, Computers and Communications. 2002. vol. 7. pp. 928–931.
52. Horeis T. Intrusion detection with neural networks – combination of self-organizing maps and radial basis function networks for human expert integration // URL: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.106.191&rep=rep1&type=pdf. 2003. (дата обращения: 22.03.2016).
53. Pawar S.N. Intrusion Detection in Computer Network using Genetic Algorithm Approach: A Survey // International Journal of Advances in Engineering & Technology. 2013. vol. 6. Issue 2. pp. 730–736.
54. Lu W., Traore I. Detecting New Forms of Network Intrusion Using Genetic Programming // Computational intelligence. 2004. vol. 20. no 3. pp. 475–494.
55. Jiang H., Ruan J. The Application of Genetic Neural Network in Network Intrusion Detection // Journal of computers. 2009. vol. 4. no. 12. pp. 1223–1230.
56. Ireland E. Intrusion Detection with Genetic Algorithms and Fuzzy Logic // UMM CSci senior seminar conference. 2013. pp. 1–6.
57. Li W. Using Genetic Algorithm for Network Intrusion Detection // Proceedings of the United States Department of Energy Cyber Security Group. 2004. pp. 1–8.
58. Sinclair C., Pierce L., Matzner S. An Application of Machine Learning to Network Intrusion Detection // Proceedings of the 15th Annual Computer Security Applications Conference. 1999. pp. 371–378.
59. Dave M.H., Sharma S.D. Improved Algorithm for Intrusion Detection Using Genetic Algorithm and SNORT // International Journal of Emerging Technology and Advanced Engineering. 2014. pp. 273–276.
60. KDD Cup 1999 Data. URL: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (дата обращения: 22.03.2016).
61. Wilson D., Kaur D. Using Grammatical Evolution for Evolving Intrusion Detection Rules // Proceedings of the 5th WSEAS Int. Conf. on Circuits, Systems, Electronics, Control & Signal Processing. 2006. pp. 42–47.
62. De Castro L.N., Von Zuben F.J. Artificial Immune Systems: Part I - Basic Theory and Applications // Universidade Estadual de Campinas, Dezembro de, Technical Report, 1999. 95 p.
63. Jerne N. Towards a network theory of the immune system // Ann. Immunol. (Inst. Pasteur). 1974. pp. 373–389.
64. Dasgupta D. Advances in Artificial Immune Systems // IEEE computational intelligence magazine. 2006. vol. 1. Issue 4. pp. 40–49.
65. Forrest S., Perelson A.S., Allen L., Cherukuri R. Self-Nonself Discrimination in a Computer // Proceedings of IEEE symposium on research in security and privacy. 1994. pp. 202–212.
66. Kim J., Bentley P.J. The Artificial Immune System for Network Intrusion Detection: An Investigation of Clonal Selection with a Negative Selection Operator // Proceedings of the Congress on Evolutionary Computation. 2001. pp. 1244–1252.
67. Seredinski F., Bourvy P. Anomaly detection in TCP/IP networks using immune systems paradigm // Computer communications. 2007. vol. 30. pp. 740–749.
68. Hofmeyr S.A., Forrest S. Architecture for an Artificial Immune System // Journal of Evolutionary Computation. 2000. vol. 8. no. 4. pp. 443–473.
69. Hofmeyr S.A. An Immunological Model of Distributed Detection and its Application to Computer Security // PhD thesis. Department of Computer Sciences, University of New Mexico. 1999. 113 p.
70. Powers S.T., He J. A Hybrid Artificial Immune System and Self Organising Map for Network Intrusion Detection // Information Sciences. 2008. vol. 178. Issue 15. pp. 3024–3042.
71. Zhou Y.P. Hybrid Model Based on Artificial Immune System and PCA Neural Networks for Intrusion Detection // Asia-Pacific Conference on Information Processing. 2009. vol. 1. pp. 21–24.
72. Chen W.H., Hsu S.H., Shen H.P. Application of SVM and ANN for intrusion detection // Computers & Operations Research. 2005. vol. 32. Issue 10. pp. 2617–2634.
73. Rozenberg G., Bäck T., Kok J.N. Handbook of natural computing // Springer Publishing Company, Incorporated. 2011. 2104 p.
74. Branitskiy A., Kotenko I. Network attack detection based on combination of neural, immune and neuro-fuzzy classifiers // The 18th IEEE International Conference on Computational Science and Engineering (IEEE CSE2015). 2015. pp. 152–159.
75. Peddabachigari S., Abraham A., Grosan C., Thomas J. Modeling intrusion detection system using hybrid intelligent systems // Journal of Network and Computer Applications. 2007. vol. 30. Issue 1. pp. 114–132.
76. Abraham A., Thomas J. Distributed intrusion detection systems: a computational intelligence approach // Applications of Information Systems to Homeland Security and Defense. 2005. pp. 105–135.
77. Mukkamala S., Sung A.H., Abraham A. Intrusion detection using ensemble of soft computing paradigms // Intelligent systems design and applications. 2003. vol. 23. pp. 239–248.
78. Vaitsekhovich L. Intrusion Detection in TCP/IP Networks Using Immune Systems Paradigm and Neural Network Detectors // XI International PhD Workshop OWD. 2009. pp. 219–224.
79. Komar M., Golovko V., Sachenko A., Bezobrazov S. Development of Neural Network Immune Detectors for Computer Attacks Recognition and Classification // IEEE 7th Intern. Conf. on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS). 2013. vol. 2. pp. 665–668.
80. Golovko V., Komar M., Sachenko A. Principles of Neural Network Artificial Immune System Design to Detect Attacks on Computers // Intern. Conf. on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET). 2010. p. 237.
81. Govindarajan M., Chandrasekaran R.M. Intrusion Detection Using an Ensemble of Classification Methods // Proc. of the World Congress on Engineering and Computer Science. 2012. vol. 1. pp. 459–464.
82. Mukkamala S., Sung A.H., Abraham A. Intrusion Detection Using an Esemble of Intelligent Paradigms // Journal of Network and Computer Applications. 2005. vol. 28. Issue 2. pp. 167–182.
83. Toosi A.N., Kahani M. A New Approach to Intrusion Detection Based on an Evolutionary Soft Computing Model Using Neuro-Fuzzy Classifiers // Computer Communications. 2007. vol. 30. Issue 10. pp. 2201–2212.
84. Sommer R., Paxson V. Outside the Closed World: On Using Machine Learning For Network Intrusion Detection // IEEE Symposium on Security and Privacy (SP). 2010. pp. 305–316.
85. Chan-Tin E., Feldman D., Hopper N., Kim Y. The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems // Security and Privacy in Communication Networks. Springer Berlin Heidelberg. 2009. pp. 448–458.
86. Котенко И.В., Карсаев О.И. Использование многоагентных технологий для комплексной защиты информации в компьютерных сетях // Известия ТРТУ. 2001. № 4. C. 38–50.
87. Gorodetsky V., Kotenko I., Karsayev O. The Multi-agent Technologies for Computer Network Security: Attack Simulation, Intrusion Detection and Intrusion Detection Learning // The International Journal of Computer Systems Science & Engineering. 2003. no. 4. pp. 191–200.
88. Котенко И.В. Многоагентные технологии для анализа уязвимостей и обнаружения вторжений в компьютерных сетях // Новости искусственного интеллекта. 2004. № 1. С. 56–72.
89. Котенко И.В., Воронцов В.В., Чечулин А.А., Уланов А.В. Проактивные механизмы защиты от сетевых червей: подход, реализация и результаты экспериментов // Информационные технологии. 2009. № 1. C. 37–42.
90. Котенко И.В., Нестерук Ф.Г., Чечулин А.А. Комбинирование механизмов обнаружения сканирования в компьютерных сетях // Вопросы защиты информации. 2011. № 3. С. 30–34.
91. Komashinskiy D., Kotenko I. Malware Detection by Data Mining Techniques Based on Positionally Dependent Features // Proceedings of the 18th Euromicro International Conference on Parallel, Distributed and network-based Processing (PDP 2010). 2010. pp. 617–623.
92. Комашинский Д.В., Котенко И.В. Обнаружение вредоносных документов формата PDF на основе интеллектуального анализа данных // Проблемы информационной безопасности. Компьютерные системы. 2012. № 1. С. 19–35.
93. Браницкий А.А., Котенко И.В. Построение нейросетевой и иммуноклеточной системы обнаружения вторжений // Проблемы информационной безопасности. Компьютерные системы. 2015. № 4. С. 23–27.
94. Браницкий А.А., Котенко И.В. Обнаружение сетевых атак на основе комплексирования нейронных, иммунных и нейро-нечетких классификаторов // Информационно-управляющие системы. 2015. № 4. С. 69–77.
95. Котенко И.В., Саенко И.Б. К новому поколению систем мониторинга и управления безопасностью // Вестник Российской академии наук. 2014. Том 84. № 11. С. 993–1001.
2. Kumar S., Spafford E.H. A Pattern Matching Model for Misuse Intrusion Detection // Proceedings of the 17th National Computer Security Conference. 1994. pp. 11–21.
3. Ghorbani A.A., Lu W., Tavallaee M. Network Intrusion Detection and Prevention: Concepts and Techniques // Springer Science & Business Media. 2009. 212 p.
4. Шаньгин В.Ф. Информационная безопасность компьютерных систем и сетей // М.: ИД «ФОРУМ»: ИНФРА-М. 2008. 416 с.
5. Anderson J.P. Computer Security Threat Monitoring and Surveillance // Technical report. Fort Washington, Pennsylvania. 1980.
6. Denning D.E. An Intrusion-Detection Model // IEEE Transactions on software engineering. 1987. vol. SE-13. Issue 2. pp. 222–232.
7. Jyothsna V., Prasad V.V.R. A Review of Anomaly Based Intrusion Detection Systems // International Journal of Computer Applications. 2011. vol. 28. no. 7. pp. 26–35.
8. Baddar S.A.-H., Merlo A., Migliardi M. Anomaly Detection in Computer Networks: A State-of-the-Art Review // Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 2014. vol. 5. no. 4. pp. 29–64.
9. Gyanchandani M., Rana J.L., Yadav R.N. Taxonomy of Anomaly Based Intrusion Detection System: A Review // International Journal of Scientific and Research Publications. 2012. vol. 2. Issue 12. pp. 1–13.
10. Tsai C.F., Hsub Y.F., Linc C.Y., Lin W.Y. Intrusion detection by machine learning: A review // Expert Systems with Applications. 2009. vol. 36. Issue 10. pp. 11994–12000.
11. Wu S.X., Banzhaf W. The Use of Computational Intelligence in Intrusion Detection Systems: A Review // Applied Soft Computing. 2010. vol. 10. Issue 1. pp. 1–35.
12. Kabiri P., Ghorbani A.A. Research on Intrusion Detection and Response: A Survey // International Journal of Network Security. 2005. vol. 1. no. 2. pp. 84–102.
13. Debar H., Dacier M., Wespi A. Towards a taxonomy of intrusion-detection systems // Computer Networks. 1999. vol. 31. Issue 8. pp. 805–822.
14. Barford P., Plonka D. Characteristics of Network Traffic Flow Anomalies // Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement. 2001. pp. 69–73.
15. Kim S.S., Reddy A.L. Statistical techniques for detecting traffic anomalies through packet header data // IEEE/ACM Transactions on Networking (TON). 2008. vol. 16. Issue 3. pp. 562–575.
16. Barford P., Kline J., Plonka D., Ron A. A signal analysis of network traffic anomalies // Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement. 2002. pp. 71–82.
17. Brindasri S., Saravanan K. Evaluation Of Network Intrusion Detection Using Markov Chain // International Journal on Cybernetics & Informatics (IJCI). 2014. vol. 3. no. 2. pp. 11–20.
18. Ye N., Chen Q. An Anomaly Detection Technique Based on a Chi‐square Statistic for Detecting Intrusions into Information Systems // Quality and Reliability Engineering International. 2001. vol. 17. Issue 2. pp. 105–112.
19. Brockwell P.J., Davis R.A. Introduction to Time Series and Forecasting // Springer Science & Business Media. 2006. 434 p.
20. Lee W., Xiang D. Information-theoretic measures for anomaly detection // Security and Privacy. 2001. pp. 130–143.
21. Gu Y., McCallum A., Towsley D. Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation // Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement. 2005. pp. 32–32.
22. Babaie T., Chawla S., Ardon S. Network Traffic Decomposition for Anomaly Detection // URL: http://arxiv.org/pdf/1403.0157.pdf, 2014 (Дата обращения: 08.03.2016).
23. Крылов В.В., Самохвалова С.С. Теория телетрафика и ее приложения // СПб.: БХВ-Петербург. 2005. 288 с.
24. Mazurek M., Dymora P. Network anomaly detection based on the statistical self-similarity factor for HTTP protocol // Przeglad elektrotechniczny, ISSN. 2014. pp. 127–130.
25. Lee K., Kim J., Kwon K.H., Han Y., Kim S. DDoS attack detection method using cluster analysis // Expert Systems with Applications. 2008. vol. 34. Issue 3. pp. 1659–1665.
26. Snort. Open Source Intrusion Detection System // URL: https://www.snort.org/ (дата обращения: 22.03.2016).
27. Suricata. Open Source IDS/IPS/NSM engine // URL: http://suricata-ids.org/ (дата обращения: 22.03.2016).
28. Ilgun K., Kemmerer R.A., Porras P.A. State Transition Analysis: A Rule-Based Intrusion Detection Approach // IEEE Transactions on Software Engineering. 1995. vol. 21. Issue 3. pp. 181–199.
29. Kumar S., Spafford E.H. A software architecture to support misuse intrusion detection // Proceedings of the 18th National Information Security Conference. 1995. pp. 194–204.
30. Zhu W., Zhou Q., Li P. Intrusion detection based on model checking timed interval temporal logic // IEEE International Conference on Information Theory and Information Security (ICITIS). 2010. pp. 503–505.
31. Kruegel C., Toth T. Using Decision Trees to Improve Signature-Based Intrusion Detection // Recent Advances in Intrusion Detection. 2003. pp. 173–191.
32. DARPA Intrusion Detection Data Sets // URL: https://www.ll.mit.edu/ideval/data/ (дата обращения: 22.03.2016).
33. Heckerman D. A Tutorial on Learning with Bayesian Networks // Innovations in Bayesian Networks: Theory and Applications. 2008. vol. 156. pp. 33–82.
34. Barbara D., Wu N., Jajodia S. Detecting Novel Network Intrusions Using Bayes Estimators // Proceedings of the First SIAM International Conference on Data Mining. 2001. pp. 1–17.
35. Mukkamala S., Sung A.H., Abraham A., Ramos V. Intrusion Detection Systems Using Adaptive Regression Splines // Sixth International Conference on Enterprise Information Systems. 2006. pp. 211–218.
36. Ranjan R., Sahoo G. A new clustering approach for anomaly intrusion detection // International Journal of Data Mining & Knowledge Management Process (IJDKP). 2014. vol. 4. no. 2. pp. 29–38.
37. Guan Y., Ghorbani A.A., Belacel N. Y-means: a clustering method for intrusion detection // Canadian Conference on Electrical and Computer Engineering, 2003. vol. 2. pp. 1083–1086.
38. Wang Y. A multinomial logistic regression modeling approach for anomaly intrusion detection // Computers & Security. 2005. vol. 24. Issue 8. pp. 662–674.
39. Sammany M., Sharawi M., El-Beltagy M., Saroit I. Artificial Neural Networks Architecture for Intrusion Detection Systems and Classification of Attacks // The 5th international conference INFO2007. 2007. pp. 24–26.
40. Moradi M., Zulkernine M. A Neural Network Based System for Intrusion Detection and Classification of Attacks // Proceedings of the IEEE International Conference on Advances in Intelligent Systems-Theory and Applications. 2004.
41. Selim S., Hashem M., Nazmy T.M. Intrusion Detection using Multi-Stage Neural Network // International Journal of Computer Science and Information Security (IJCSIS). 2010. vol. 8. no. 4. pp. 14–20.
42. Cannady J. Artificial Neural Networks for Misuse Detection // Proceedings of the 21st National Information Systems Security Conference. 1998. pp. 368–381.
43. Ryan J., Lin M.-J. Intrusion Detection with Neural Networks // Advances in Neural Information Processing Systems. 1998. pp. 943–949.
44. Tan K. The Application of Neural Networks to UNIX Computer Security // Proceedings of the IEEE International Conference on Neural Networks. 1995. vol. 1. pp. 476–481.
45. Sheth H., Shah B., Yagnik S. A survey on RBF Neural Network for Intrusion Detection System // Int. Journal of Engineering Research and Applications. 2014. vol. 4. Issue 12. pp. 17–22.
46. Gnosh A.K., Michael C., Schatz M. A Real-Time Intrusion Detection System Based on Learning Program Behavior // Proceedings of the 3rd International Workshop on Recent Advances in Intrusion Detection (RAID ’00). 2000. vol. 1907. pp. 93–109.
47. Hoglund A.J., Hatonen K., Sorvari A.S. A Computer Host-Based User Anomaly Detection System Using The Self-Organizing Map // Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks. 2000. vol. 5. pp. 411–416.
48. Wang W., Guan X., Zhang X., Yang L. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data // Computers & Security. 2006. vol. 25. Issue 7. pp. 539–550.
49. Bivens A., Palagiri C., Smith R., Szymanski B., Embrechts M. Network-Based Intrusion Detection Using Neural Networks // Intelligent Engineering Systems through Artificial Neural Networks. 2002. vol. 12. pp. 579–584.
50. Cannady J., Mahaffey J. The Application of Artificial Neural Networks to Misuse Detection: Initial Results // Proceedings of the 1st International Workshop on Recent Advances in Intrusion Detection. 1998.
51. Jirapummin C., Wattanapongsakorn N., Kanthamanon P. Hybrid Neural Networks for Intrusion Detection System // Proceedings of the 2002 International Technical Conference on Circuits, Systems, Computers and Communications. 2002. vol. 7. pp. 928–931.
52. Horeis T. Intrusion detection with neural networks – combination of self-organizing maps and radial basis function networks for human expert integration // URL: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.106.191&rep=rep1&type=pdf. 2003. (дата обращения: 22.03.2016).
53. Pawar S.N. Intrusion Detection in Computer Network using Genetic Algorithm Approach: A Survey // International Journal of Advances in Engineering & Technology. 2013. vol. 6. Issue 2. pp. 730–736.
54. Lu W., Traore I. Detecting New Forms of Network Intrusion Using Genetic Programming // Computational intelligence. 2004. vol. 20. no 3. pp. 475–494.
55. Jiang H., Ruan J. The Application of Genetic Neural Network in Network Intrusion Detection // Journal of computers. 2009. vol. 4. no. 12. pp. 1223–1230.
56. Ireland E. Intrusion Detection with Genetic Algorithms and Fuzzy Logic // UMM CSci senior seminar conference. 2013. pp. 1–6.
57. Li W. Using Genetic Algorithm for Network Intrusion Detection // Proceedings of the United States Department of Energy Cyber Security Group. 2004. pp. 1–8.
58. Sinclair C., Pierce L., Matzner S. An Application of Machine Learning to Network Intrusion Detection // Proceedings of the 15th Annual Computer Security Applications Conference. 1999. pp. 371–378.
59. Dave M.H., Sharma S.D. Improved Algorithm for Intrusion Detection Using Genetic Algorithm and SNORT // International Journal of Emerging Technology and Advanced Engineering. 2014. pp. 273–276.
60. KDD Cup 1999 Data. URL: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (дата обращения: 22.03.2016).
61. Wilson D., Kaur D. Using Grammatical Evolution for Evolving Intrusion Detection Rules // Proceedings of the 5th WSEAS Int. Conf. on Circuits, Systems, Electronics, Control & Signal Processing. 2006. pp. 42–47.
62. De Castro L.N., Von Zuben F.J. Artificial Immune Systems: Part I - Basic Theory and Applications // Universidade Estadual de Campinas, Dezembro de, Technical Report, 1999. 95 p.
63. Jerne N. Towards a network theory of the immune system // Ann. Immunol. (Inst. Pasteur). 1974. pp. 373–389.
64. Dasgupta D. Advances in Artificial Immune Systems // IEEE computational intelligence magazine. 2006. vol. 1. Issue 4. pp. 40–49.
65. Forrest S., Perelson A.S., Allen L., Cherukuri R. Self-Nonself Discrimination in a Computer // Proceedings of IEEE symposium on research in security and privacy. 1994. pp. 202–212.
66. Kim J., Bentley P.J. The Artificial Immune System for Network Intrusion Detection: An Investigation of Clonal Selection with a Negative Selection Operator // Proceedings of the Congress on Evolutionary Computation. 2001. pp. 1244–1252.
67. Seredinski F., Bourvy P. Anomaly detection in TCP/IP networks using immune systems paradigm // Computer communications. 2007. vol. 30. pp. 740–749.
68. Hofmeyr S.A., Forrest S. Architecture for an Artificial Immune System // Journal of Evolutionary Computation. 2000. vol. 8. no. 4. pp. 443–473.
69. Hofmeyr S.A. An Immunological Model of Distributed Detection and its Application to Computer Security // PhD thesis. Department of Computer Sciences, University of New Mexico. 1999. 113 p.
70. Powers S.T., He J. A Hybrid Artificial Immune System and Self Organising Map for Network Intrusion Detection // Information Sciences. 2008. vol. 178. Issue 15. pp. 3024–3042.
71. Zhou Y.P. Hybrid Model Based on Artificial Immune System and PCA Neural Networks for Intrusion Detection // Asia-Pacific Conference on Information Processing. 2009. vol. 1. pp. 21–24.
72. Chen W.H., Hsu S.H., Shen H.P. Application of SVM and ANN for intrusion detection // Computers & Operations Research. 2005. vol. 32. Issue 10. pp. 2617–2634.
73. Rozenberg G., Bäck T., Kok J.N. Handbook of natural computing // Springer Publishing Company, Incorporated. 2011. 2104 p.
74. Branitskiy A., Kotenko I. Network attack detection based on combination of neural, immune and neuro-fuzzy classifiers // The 18th IEEE International Conference on Computational Science and Engineering (IEEE CSE2015). 2015. pp. 152–159.
75. Peddabachigari S., Abraham A., Grosan C., Thomas J. Modeling intrusion detection system using hybrid intelligent systems // Journal of Network and Computer Applications. 2007. vol. 30. Issue 1. pp. 114–132.
76. Abraham A., Thomas J. Distributed intrusion detection systems: a computational intelligence approach // Applications of Information Systems to Homeland Security and Defense. 2005. pp. 105–135.
77. Mukkamala S., Sung A.H., Abraham A. Intrusion detection using ensemble of soft computing paradigms // Intelligent systems design and applications. 2003. vol. 23. pp. 239–248.
78. Vaitsekhovich L. Intrusion Detection in TCP/IP Networks Using Immune Systems Paradigm and Neural Network Detectors // XI International PhD Workshop OWD. 2009. pp. 219–224.
79. Komar M., Golovko V., Sachenko A., Bezobrazov S. Development of Neural Network Immune Detectors for Computer Attacks Recognition and Classification // IEEE 7th Intern. Conf. on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS). 2013. vol. 2. pp. 665–668.
80. Golovko V., Komar M., Sachenko A. Principles of Neural Network Artificial Immune System Design to Detect Attacks on Computers // Intern. Conf. on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET). 2010. p. 237.
81. Govindarajan M., Chandrasekaran R.M. Intrusion Detection Using an Ensemble of Classification Methods // Proc. of the World Congress on Engineering and Computer Science. 2012. vol. 1. pp. 459–464.
82. Mukkamala S., Sung A.H., Abraham A. Intrusion Detection Using an Ensemble of Intelligent Paradigms // Journal of Network and Computer Applications. 2005. vol. 28. Issue 2. pp. 167–182.
83. Toosi A.N., Kahani M. A New Approach to Intrusion Detection Based on an Evolutionary Soft Computing Model Using Neuro-Fuzzy Classifiers // Computer Communications. 2007. vol. 30. Issue 10. pp. 2201–2212.
84. Sommer R., Paxson V. Outside the Closed World: On Using Machine Learning For Network Intrusion Detection // IEEE Symposium on Security and Privacy (SP). 2010. pp. 305–316.
85. Chan-Tin E., Feldman D., Hopper N., Kim Y. The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems // Security and Privacy in Communication Networks. Springer Berlin Heidelberg. 2009. pp. 448–458.
86. Котенко И.В., Карсаев О.И. Использование многоагентных технологий для комплексной защиты информации в компьютерных сетях // Известия ТРТУ. 2001. № 4. C. 38–50.
87. Gorodetsky V., Kotenko I., Karsayev O. The Multi-agent Technologies for Computer Network Security: Attack Simulation, Intrusion Detection and Intrusion Detection Learning // The International Journal of Computer Systems Science & Engineering. 2003. no. 4. pp. 191–200.
88. Котенко И.В. Многоагентные технологии для анализа уязвимостей и обнаружения вторжений в компьютерных сетях // Новости искусственного интеллекта. 2004. № 1. С. 56–72.
89. Котенко И.В., Воронцов В.В., Чечулин А.А., Уланов А.В. Проактивные механизмы защиты от сетевых червей: подход, реализация и результаты экспериментов // Информационные технологии. 2009. № 1. C. 37–42.
90. Котенко И.В., Нестерук Ф.Г., Чечулин А.А. Комбинирование механизмов обнаружения сканирования в компьютерных сетях // Вопросы защиты информации. 2011. № 3. С. 30–34.
91. Komashinskiy D., Kotenko I. Malware Detection by Data Mining Techniques Based on Positionally Dependent Features // Proceedings of the 18th Euromicro International Conference on Parallel, Distributed and network-based Processing (PDP 2010). 2010. pp. 617–623.
92. Комашинский Д.В., Котенко И.В. Обнаружение вредоносных документов формата PDF на основе интеллектуального анализа данных // Проблемы информационной безопасности. Компьютерные системы. 2012. № 1. С. 19–35.
93. Браницкий А.А., Котенко И.В. Построение нейросетевой и иммуноклеточной системы обнаружения вторжений // Проблемы информационной безопасности. Компьютерные системы. 2015. № 4. С. 23–27.
94. Браницкий А.А., Котенко И.В. Обнаружение сетевых атак на основе комплексирования нейронных, иммунных и нейро-нечетких классификаторов // Информационно-управляющие системы. 2015. № 4. С. 69–77.
95. Котенко И.В., Саенко И.Б. К новому поколению систем мониторинга и управления безопасностью // Вестник Российской академии наук. 2014. Том 84. № 11. С. 993–1001.
Published
2016-04-04
How to Cite
Браницкий, А. А., & Котенко, И. В. (2016). Анализ и классификация методов обнаружения сетевых атак. Труды СПИИРАН, 2(45), 207-244. https://doi.org/10.15622/sp.45.13
Section
Information Security
Authors who publish with this journal agree to the following terms:
Authors retain copyright of the work and grant the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License, which allows others to distribute the work with mandatory acknowledgement of its authorship and a reference to its original publication in this journal.
Authors retain the right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the version of the work published by this journal (for example, posting it to a university repository or publishing it in a book), with a reference to its original publication in this journal.
Authors are permitted to post their work online (for example, in a university repository or on their personal website) prior to and during its review by this journal, as this can lead to productive discussion as well as a greater number of citations of the published work (see The Effect of Open Access).