Anhui University Doctoral Dissertation Proposal Report
-
Snort (kj2007B242)
-
Outline
Context of Network Security Problem
Significance of Studying Intrusion Detection Technique
Advance in IDS
Advance in AIS and its application to computer security
Main research work
Study methodology and notion
Innovations and features of the dissertation
References
-
1. Context of Network Security Problem
-
Context of Network Security Problem
Internet
[Charts (data omitted): Incidents Reported to CERT/CC, 1990-2000; Vulnerabilities Reported to CERT/CC, 1995-2000; Web Defacements - Attrition.org (number of defacements), 1995-2000, with defacements by top-level domain (hosts, defaced, percent); Virus Infection Rate - ICSA.net (infections per 1,000 computers), 1997-1999]
-
Context of network security Problem
-
Context of network security Problem
Firewall, User Authentication, Authorization and Access Control
-
2. Significance of Studying Intrusion Detection Technique
-
Significance of Studying Intrusion Detection Technique
ISS, P2DR
-
Significance of Studying Intrusion Detection Technique
DARPA, CDIS, 863
-
Significance of Studying Intrusion Detection Technique
-
Significance of Studying Intrusion Detection Technique
MIT Lincoln
-
Significance of Studying Intrusion Detection Technique
NISIDS: NISIDS NISIDS NISIDS NIS
-
3. Advance in IDS technique
-
Advance in IDS technique
$U$: universe set; $S$: normal/legitimate/acceptable pattern set (self set); $N$: anomalous/illegitimate/unacceptable pattern set (nonself set); $S \cup N = U$, $S \cap N = \emptyset$.
IDS $= (f, M)$, where $f$ is a nonlinear classification function and $M$ is the detection range of the detection system; $f: U^{*} \times U \to \{\text{normal}, \text{anomalous}\}$.
[Figure labels: Nonself, Self, M, False positives, False negatives, U]
-
Advance in IDS technique
1980 James Anderson
1987 Dorothy Denning
S. Staniford-Chen 1998 CIDF (Common Intrusion Detection Framework)
-
Advance in IDS technique
SRI: EMERALD, P-BEST
Purdue CERIAS: AAFID (Agent)
Columbia: Wenke Lee
-
Advance in IDS technique
Ghosh 1999 Tim Bass
-
Advance in IDS technique
Agent, SVM
-
4. Advance in AIS and its application in computer security field
-
Advance in AIS and its application in computer security field
1990 H. Bersini 1991 1994 Stephanie Forrest 90 J. Hunt
-
Advance in AIS and its application in computer security field
1996129002
International Conference on Artificial Immune Systems (ICARIS).
Special Session on Artificial Immune Systems at the IEEE Congress on Evolutionary Computation (CEC)
03 Special Track on Artificial Immune Systems at Genetic and Evolutionary Computation Conference (GECCO).
Panelist on Biologically Inspired/Motivated Computational Models at International Joint Conference on Neural Networks (IJCNN)
Offered tutorial on Immunological Computation at International Joint Conference on Artificial Intelligence (IJCAI)
-
Advance in AIS and its application in computer security field
AIS
(1) Negative Selection Algorithm: Forrest 1994
(2) A Novel Genetic Algorithm Based on Immunity: Jiao 2000
(3) Clonal Selection Algorithm: Kim, de Castro presented
(4) Immune Network Models: Timmis (Resource Limited Artificial Immune System), de Castro (aiNet)
-
Advance in AIS and its application in computer security field
AIS
New Mexico: Forrest, AIS-Based computer security
2000 Kim: IDS
Dipankar Dasgupta, Memphis Univ.
-
5. Main study work
-
Main study work
IDS: Genes library, Clone selection, communicator, co-stimulation
(scalability), (robustness), adaptability
-
Main study work
McAb Operator (Vaccination Operator)
-
Main study work
IP, DoS, CGI, FTP, PHP
detection rate, (false positive error rate), (detector cover), (detection hole)
-
Main study work
NISIDS, negative selection, IDS
-
Main study work
Forrest & Hofmeyr: LISYS; CDIS; IDS
-
6. Research methodology and thought
-
Research method and thought
1. LAN: Web, Ftp; Xscan, Smurf, Fluxay, teardrop, ping of death
2. LAN: Winpcap for Windows, Libpcap for Unix/Linux; MIT Lincoln; training data set, test data set, real-time data set
-
Research method and thought
3. RFC1700
-
Research method and thought
4, 5, 6: pre-detectors, negative selection, mature detectors, Clonal selection, immune evolutionary
-
Research method and thought
7. detection rate, (false positive error rate), (detector cover), (detection hole)
8. 9. MIT
-
7. Main innovation and features of dissertation
-
3. IDS
4.
5. Vaccination Operator, McAb Operator
-
References
-
References
http://searchwin2000.techtarget.com/tip/1,289483,sid1-gci851241,00.html?from Taxonomy=%2fpr%2f5e3, 2004.
CERT/CC Statistics 1998-2002. http://www.cert.org/stats/, 2003.
P2DR. 20012IDC2001.1212(12):66-67
Richard Lippmann, Joshua W. Haines. "The 1999 DARPA Off-Line Intrusion Detection Evaluation". Computer Networks, 34(4), pp. 579-595, 2000.
Third Edition of the Intrusion Detection System. http://www.nss.co.uk/ids/edition3/index.html
Stephanie Forrest, Steven A. Hofmeyr. "John Holland's Invisible Hand: An Artificial Immune System". 2000.
Steven A. Hofmeyr. "An Interpretative Introduction to the Immune System". Design Principles for the Immune System and other Distributed Autonomous Systems. Oxford University Press, Eds. I. Cohen and L. Segel. 2000.
J. P. Anderson. Computer security threat monitoring and surveillance. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania, April 1980.
Dorothy E. Denning. "An Intrusion Detection Model". IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, February, pp. 222-232, 1987.
-
References
Henry S. Teng, Kaihu Chen, Stephen C-Y Lu. "Adaptive Realtime Anomaly Detection Using Inductively Generated Sequential Patterns". Proceedings of the 1990 IEEE Symposium on Security and Privacy, 1990.
S. Staniford-Chen. Common intrusion detection framework. http://seclab.cs.ucdavis.edu/cidf, 1998.
Nicholas J. Puketza, Kui Zhang, Mandy Chung, Biswanath Mukherjee, Ronald A. Olsson. "A Methodology for Testing Intrusion Detection Systems". IEEE Transactions on Software Engineering, Vol. 22, No. 10, pp. 719-729, 1996.
Kristopher Kendall. "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems". MIT Master Thesis, 1999.
Ulf Lindqvist, Phillip A. Porras. "Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST)". IEEE Symposium on Security and Privacy, pp. 146-166, 1999.
Eugene H. Spafford, Diego Zamboni. Intrusion Detection Using Autonomous Agents. Computer Networks 34 (2000), pp. 547-570, 2000.
Wenke Lee, Salvatore J. Stolfo, Kui W. Mok. "A Data Mining Framework for Building Intrusion Detection Models". IEEE Symposium on Security and Privacy, pp. 120-132, 1999.
-
References
S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle. GrIDS: A Graph Based Intrusion Detection System for large networks. In Proceedings of the 20th National Information Systems Security Conference, volume 1, pages 361-370, October 1996.
Anup K. Ghosh and Aaron Schwartzbard. "A Study in Using Neural Networks for Anomaly and Misuse Detection". Proceedings of the 8th USENIX Security Symposium, Washington, D.C., USA, pp. 23-26, 1999.
Tim Bass. "Multisensor Data Fusion for Next Generation Distributed Intrusion Detection System". 1999 IRIS National Symposium, 1999.
,.AGENT. Vol.1l pp.1312-1319,2000..:. Vol. 11 , pp.1460-1465,2000.. SVMVol.23,No.5,2002 .. , VOL.12, NO.4: pp.375-399,2000. ., Vol.26,No.5,1999... 2001.
-
References
, , , .. Vo1.23 No.9 2002 pp. l-7., . . , Vol.22,No.2,pp.49-53,2000, . . 2002 Vol.23 No.10: pp. 1235-1238.
S. Forrest, A. S. Perelson, L. Allen and R. Cherukuri. Self-nonself discrimination in a computer. In Proceedings of the IEEE Symposium on Research in Security and Privacy. 1994.
J. E. Hunt and D. E. Cooke. An Adaptive and distributed Learning System based on the Immune System. In Proc. of the IEEE International Conference on SMC, pp. 2494-2499, 1995.
L. C. Jiao and L. Wang. A novel genetic algorithm based on immunity. IEEE Trans. Systems, Man and Cybernetics. 30(5): pp. 552-561. 2000.
. BP199923163-66.. 2000378924-930.
Forrest, S., Hofmeyr, S. A., & Somayaji, A. (1997). Computer immunology. Communications of the ACM, 40(10), 88-96.
-
References
[36] Jiao L C, Wang L. A novel genetic algorithm based on immunity. IEEE Trans. on Systems, Man, and Cybernetics-Part A: Systems and Humans, 2000, 30(5): 552-561.
[37] J. Kim, P. Bentley. Immune Memory in the Dynamic Clonal Selection Algorithm. In: Proc. of the 1st International Conference on Artificial Immune Systems, Canterbury, UK, 2002: 57-65.
[38] Tarakanov A, Dasgupta D. A formal model of an artificial immune system. BioSystems, 2000, 55: 151-158.
[39] Tarakanov A O. Towards immunocompute. http://solvayins.ulb.ac.be/fixed/immune/Demosoft.html, 2004.
[40] Timmis J, Neal M. A resource limited artificial immune system for data analysis. Knowledge Based Systems, 2001, 14(3-4): 121-130.
[41] Nunes de Castro L, Von Zuben F J. An evolutionary immune network data clustering. Proceedings of the Sixth Brazilian Symposium on Neural Networks, 2000, 84-89.
[42] Stephanie Forrest, Alan S. Perelson, Lawrence Allen. "Self-Nonself Discrimination in a Computer". In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, Los Alamos, CA, 1994.
[43] Stephanie Forrest, Thomas A. Longstaff, Steven A. Hofmeyr. "A sense of self for Unix processes". In Proceedings of the 1996 IEEE Symposium on Security and Privacy.
-
References
[44] Steven Andrew Hofmeyr. "An Immunological Model of Distributed Detection and its Application to Computer Security". Ph.D. Dissertation. University of New Mexico, 1999.
[45] Paul D. Williams, Kevin P. Anchor, John L. Bebo, Gregg H. Gunsch, Gray D. Lamont. "CDIS: Towards a Computer Immune System for Detecting Network Intrusions". Proceedings 4th International Symposium, RAID 2001, Davis, CA, USA, October 10-12, 2001.
[46] Kim and Bentley P. "The Human Immune System and Network Intrusion Detection". 7th European Congress on Intelligent Techniques and Soft Computing (EUFIT '99), Aachen, Germany, September 13-19.
[47] Kim, J. and Bentley, P. (1999). "The Artificial Immune Model for Network Intrusion Detection". 7th European Congress on Intelligent Techniques and Soft Computing (EUFIT '99), Aachen, Germany, September 13-19.
[48] Kim, J. and Bentley, P. J. (1999). "Negative Selection and Niching by an Artificial Immune System for Network Intrusion Detection". Genetic and Evolutionary Computation Conference (GECCO '99), Orlando, Florida, July 13-17, pp. 149-158.
-
References
[49] Jungwon Kim, Peter J. Bentley. An Evaluation of Negative Selection in an Artificial Immune System for Network Intrusion Detection. Genetic and Evolutionary Computation Conference 2001 (GECCO-2001), San Francisco, pp. 1330-1337, July 7-11, 2001.
[50] Jungwon Kim, Peter J. Bentley. Towards an artificial immune system for network intrusion detection: an investigation of clonal selection with a negative selection operator. Congress on Evolutionary Computation (CEC-2001), Seoul, Korea, pp. 1244-1252, May 27-30, 2001.
[51] Dipankar Dasgupta, Fabio A. Gonzalez. "An Immunogenetic Approach to Intrusion Detection". Technical Report No. CS-01-001, May 2001.
[52] Fabio A. Gonzalez, Dipankar Dasgupta. "An Immunogenetic Technique to Detect Anomalies in Network Traffic". In GECCO 2002: Proceedings of the Genetic and Evolutionary Computation Conference, pages 1081-1088, New York, 9-13 July 2002. Morgan Kaufmann Publishers.
[53] Fabio A. Gonzalez, Dipankar Dasgupta, Robert Kozma. "Combining Negative Selection and Classification Technique for Anomaly Detection". In Proceedings of the Congress on Evolutionary Computation, pages 705-710, Honolulu, HI, May 2002. IEEE.
-
References
[54] Dipankar Dasgupta, Fabio Gonzalez. "An Immunity-Based Technique to Characterize Intrusions in Computer Networks". IEEE Transactions on Evolutionary Computation, Vol. 6, No. 3, June 2002: 281-291.
[55] LUO Wen-jian, ZHANG Si-hai, LIHANG Wen, CAO Xian-bin, WANG Xu-fa. NIDS Research Advance Based on Artificial Immunology. Journal of University of Science and Technology, Vol. 35, No. 5, Oct. 2002.
[56] , , , . . , Vol. 24 No. 8, Aug. 2003.
[57] . , 2003.5
[58] . . , 2003.4.
[59] . Kim. , 2006.2
[60] Cohen F. Computer viruses. Computer & Security, 1987, 22-35.
-
Thanks for your attendance!
-
Attachment
AIS-Based IDS, negative selection