基于機器學(xué)習(xí)的網(wǎng)絡(luò)入侵檢測技術(shù)綜述
網(wǎng)絡(luò)安全與數(shù)據(jù)治理
張茜,王曉菲,王亞洲,尚穎,王芳鳴,曾穎明
北京計算機技術(shù)及應(yīng)用研究所
摘要: 新興技術(shù)的發(fā)展推動了機器學(xué)習(xí)等智能化方法在網(wǎng)絡(luò)入侵檢測的廣泛應(yīng)用,有效提高了入侵檢測的效率和準確率,然而基于機器學(xué)習(xí)的網(wǎng)絡(luò)入侵檢測領(lǐng)域仍然面臨著大規(guī)模網(wǎng)絡(luò)數(shù)據(jù)處理難、數(shù)據(jù)樣本不平衡、未知威脅難以有效檢測、模型泛化能力差等挑戰(zhàn)。文章對基于機器學(xué)習(xí)的網(wǎng)絡(luò)入侵檢測技術(shù)進行綜述和總結(jié),對比和分析當前主流方法的優(yōu)勢和局限性,并總結(jié)和討論該領(lǐng)域目前挑戰(zhàn)和未來展望,以便為該領(lǐng)域人員了解最新研究動態(tài)提供借鑒參考。
中圖分類號:TP309文獻標識碼:ADOI:10.19358/j.issn.2097-1788.2024.12.001
引用格式:張茜,王曉菲,王亞洲,等. 基于機器學(xué)習(xí)的網(wǎng)絡(luò)入侵檢測技術(shù)綜述[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(12):1-9,18.
引用格式:張茜,王曉菲,王亞洲,等. 基于機器學(xué)習(xí)的網(wǎng)絡(luò)入侵檢測技術(shù)綜述[J].網(wǎng)絡(luò)安全與數(shù)據(jù)治理,2024,43(12):1-9,18.
Overview of network intrusion detection technology based on machine learning
Zhang Xi,Wang Xiaofei,Wang Yazhou,Shang Ying,Wang Fangming,Zeng Yingming
Beijing Institute of Computer Technology and Application
Abstract: The development of emerging technologies has promoted the wide application of intelligent methods such as machine learning in the field of network intrusion detection, and effectively improved the efficiency and accuracy of intrusion detection. However, the field of network intrusion detection based on machine learning still faces challenges such as difficulty in processing large-scale network data, imbalance of data samples, difficulty in effectively detecting unknown threats, and poor generalization ability of models. This paper aims to summarize the network intrusion detection technology based on machine learning, compare and analyze the advantages and limitations of the current mainstream methods, and summarize and discuss the current challenges and future prospects in this field, so as to provide reference for people in this field to understand the latest research trends.
Key words : machine learning; intrusion detection; intelligence
引言
隨著世界范圍內(nèi)的網(wǎng)絡(luò)攻擊威脅不斷加劇,防火墻、密碼機等傳統(tǒng)被動的安全防護手段已無法完全應(yīng)對復(fù)雜的、動態(tài)的、隱蔽的新型未知威脅,亟需網(wǎng)絡(luò)入侵檢測等主動的安全防護手段,發(fā)現(xiàn)和阻斷來自強敵多樣化的網(wǎng)絡(luò)威脅。網(wǎng)絡(luò)入侵檢測技術(shù)可以按照基于數(shù)據(jù)來源、基于工作方式、基于檢測結(jié)果、基于檢測方法來進行分類,如圖1所示。相較于傳統(tǒng)的基于模式匹配、專家系統(tǒng)的入侵檢測方法,機器學(xué)習(xí)等智能化模型能夠?qū)W習(xí)數(shù)據(jù)樣本的攻擊行為特征或分類、聚類模式,有效提高網(wǎng)絡(luò)威脅檢測的效率和準確率。本文重點介紹和分析基于機器學(xué)習(xí)的網(wǎng)絡(luò)入侵檢測,分別從基于監(jiān)督學(xué)習(xí)、基于無監(jiān)督學(xué)習(xí)兩個方面進行詳細闡述。
本文詳細內(nèi)容請下載:
http://www.rjjo.cn/resource/share/2000006260
作者信息:
張茜,王曉菲,王亞洲,尚穎,王芳鳴,曾穎明
(北京計算機技術(shù)及應(yīng)用研究所,北京100854)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。