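Implementation of a Real-Time Intrusion Detection System Framework Based on Conditional Random Fields
Cite this article: GU Jiao-jiao, JIANG Wen-zhi, LI Fei, HU Wen-xuan. Implementation of a Real-Time Intrusion Detection System Framework Based on Conditional Random Fields[J]. Journal of Naval Aeronautical Engineering Institute, 2011, 26(5): 543-548.
Authors: GU Jiao-jiao  JIANG Wen-zhi  LI Fei  HU Wen-xuan
Affiliations: 1. Department of Ordnance Science and Technology, Naval Aeronautical and Astronautical University, Yantai, Shandong 264001
2. Department of Command, Naval Aeronautical and Astronautical University, Yantai, Shandong 264001
3. Department of Foreign Training, Naval Aeronautical and Astronautical University, Yantai, Shandong 264001
Abstract: Intrusion detection systems (IDS) are now an important component of networks, and all kinds of wireless and dedicated networks are equipped with detection systems. With the rapid development of network technology, intrusion detection techniques have evolved from simple signature matching to anomaly-based and hybrid detection approaches that make full use of contextual information. To correctly and effectively identify intrusions from the large volume of records in a network environment, an intrusion detection framework based on a layered conditional random field model is proposed. The framework, for 4 different classes of attack...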

Keywords: intrusion detection  conditional random fields  machine learning  layered model

Real-Time Intrusion Detection System Framework Based on Conditional Random Fields
GU Jiao-jiao, JIANG Wen-zhi, LI Fei and HU Wen-xuan. Real-Time Intrusion Detection System Framework Based on Conditional Random Fields[J]. Journal of Naval Aeronautical Engineering Institute, 2011, 26(5): 543-548.
Authors: GU Jiao-jiao  JIANG Wen-zhi  LI Fei and HU Wen-xuan
Institution: GU Jiao-jiao (a), JIANG Wen-zhi (a), LI Fei (b), HU Wen-xuan (c) (Naval Aeronautical and Astronautical University: a. Department of Ordnance Science and Technology; b. Department of Command; c. Department of Foreign Training; Yantai, Shandong 264001, China)
Abstract: Intrusion detection systems are now an essential component of all kinds of networks, including wireless ad hoc networks. With the rapid advancement of network technologies, the focus of intrusion detection has shifted from simple signature matching to detecting attacks by analyzing contextual information, as employed in anomaly-based and hybrid intrusion detection approaches. In order to correctly and effectively recognize hidden intrusions in large volumes of low-level system logs, a layered anomaly-based intrusion detection framework using conditional random fields was proposed to detect a wide variety of attacks. For four classes of attack, the framework trains four different models separately, and then processes the data layer by layer to detect intrusion. With this framework, attacks can be identified and intrusion response initiated in real time; system adaptability and portability are improved, and the false alarm rate and false detection rate are significantly reduced. Experiments show that the CRF model can detect attacks effectively.
Keywords:intrusion detection  CRFs  Machine Learning  overlay model
This article has been indexed by CNKI, VIP, Wanfang Data and other databases.