网络与信息安全学报 (Feb 2025)
Research on intrusion detection model based on synchronization of heterogenous executer
Abstract
Intrusion detection and cybersecurity situational awareness technologies based on machine learning and deep learning have generally been limited by their reliance on prior knowledge and pre-training, which restricts their accuracy in detecting various types of attacks. The dynamic heterogeneous redundancy (DHR) construction technique, which detects attacks by evaluating the behavioral consistency of heterogeneous executers, offers a new perspective for intrusion detection. Based on this concept, a novel intrusion detection model called IDHES was proposed. This model was capable of detecting multiple types of intrusions without requiring pre-training. Additionally, synchronization of the target functions of heterogeneous executers was achieved through internal and external event conversions, thereby reducing the false positive rate caused by the heterogeneity of executers. Through theoretical analysis of the model, it was concluded that the detection accuracy of the IDHES model depends solely on the success rate of coordinated attacks by heterogeneous executers and the efficiency of target function synchronization. To verify the effectiveness of the model, a prototype MCU system based on the DHR architecture was constructed, and the target function synchronization method was implemented through internal and external event conversions. Finally, the attack detection capability of the model was tested using white-box instrumentation. The test results confirm the conclusion that the detection accuracy of the IDHES model depends solely on the success rate of coordinated attacks by heterogeneous executers and the efficiency of target function synchronization. Furthermore, the results demonstrate that IDHES can perform real-time detection of various types of attacks without relying on prior knowledge or pre-training.
