Intrusion detection systems currently rely on linear detection methods such as ARMA. This work brings the chaotic synchronization idea from dynamics into intrusion detection and proposes a network intrusion detection method based on chaotic synchronization, approaching detection from the viewpoint of nonlinear signal processing. Network traffic is modeled with a Gaussian mixture model (GMM) combined with the expectation maximization (EM) algorithm, and the three GMM parameter vectors are estimated. The difference between the parameter vector of the traffic under test and that of normal traffic is used as the synchronization control quantity of a Liu chaotic system. When the traffic under test contains an intrusion signal, the waveform oscillates, so the intrusion signal can be identified accurately once a suitable decision threshold is selected. Simulation experiments on the MIT Lincoln Laboratory DARPA datasets, with a comparison against an intrusion detection system (IDS) based on the autoregressive moving average (ARMA) model, show that the proposed method achieves a higher detection rate and a lower false alarm rate.
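The pipeline described above (EM-fitted GMM, parameter difference injected into a synchronized Liu system, threshold on the synchronization error), as an added sketch that is not the paper's code. Assumptions: a single packets-per-second feature with two mixture components, relative parameter differences as the three control terms, the commonly cited Liu parameters (a=10, b=40, c=2.5, k=1, h=4), linear feedback coupling, and a gain, threshold and traffic samples constructed for this illustration.

```python
import math, random

def fit_gmm(xs, iters=30):
    """EM for a 2-component 1-D GMM; returns (weights, means, variances)."""
    w, mu = [0.5, 0.5], [min(xs), max(xs)]
    m = sum(xs) / len(xs)
    var = [sum((x - m) ** 2 for x in xs) / len(xs)] * 2
    for _ in range(iters):
        resp = []  # E-step: responsibility of each component per sample
        for x in xs:
            p = [w[k] * math.exp(-(x - mu[k]) ** 2 / (2 * var[k]))
                 / math.sqrt(2 * math.pi * var[k]) for k in range(2)]
            s = sum(p) or 1e-300
            resp.append([pk / s for pk in p])
        for k in range(2):  # M-step: re-estimate the three parameter vectors
            nk = sum(r[k] for r in resp) or 1e-300
            w[k] = nk / len(xs)
            mu[k] = sum(r[k] * x for r, x in zip(resp, xs)) / nk
            var[k] = max(sum(r[k] * (x - mu[k]) ** 2
                             for r, x in zip(resp, xs)) / nk, 1e-6)
    return w, mu, var

def control(ref, test):
    # Assumption: one relative-difference term per parameter vector / Liu state.
    return [math.dist(r, t) / math.hypot(*r) for r, t in zip(ref, test)]

def sync_error(d, gain=500.0, dt=2e-4, steps=20000):
    """Peak drive/response error of two Liu systems with d injected as control."""
    a, b, c, k, h = 10.0, 40.0, 2.5, 1.0, 4.0
    f = lambda x, y, z: (a * (y - x), b * x - k * x * z, -c * z + h * x * x)
    drv = rsp = (2.2, 2.4, 38.0)
    peak = 0.0
    for _ in range(steps):  # forward Euler integration
        e = [r - s for r, s in zip(rsp, drv)]
        peak = max(peak, *map(abs, e))
        # response = Liu dynamics + feedback toward the drive + parameter difference
        rsp = tuple(r + dt * (fr - gain * ei + di)
                    for r, fr, ei, di in zip(rsp, f(*rsp), e, d))
        drv = tuple(s + dt * fs for s, fs in zip(drv, f(*drv)))
    return peak

def window(seed, flood=0):
    """Constructed packets-per-second samples; flood appends high-rate samples."""
    rng = random.Random(seed)
    xs = [rng.gauss(50, 5) if rng.random() < 0.7 else rng.gauss(120, 10)
          for _ in range(2000 - flood)]
    return xs + [rng.gauss(600, 20) for _ in range(flood)]

THRESHOLD = 1.5e-3            # assumption: picked for this constructed data
REF = fit_gmm(window(1))      # baseline model of normal traffic
def score(xs): return sync_error(control(REF, fit_gmm(xs)))
```

A window is flagged when `score(window)` exceeds `THRESHOLD`; with identical parameters the control term is zero and the two systems stay exactly synchronized.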