中文摘要：

传统的网络入侵检测方法利用已知类型的攻击样本以离线的方式训练入侵检测模型，虽然对已知攻击类型具有较高的检测率，但是不能识别网络上新出现的攻击类型。这样的入侵检测系统存在着建立系统的速度慢、模型更新代价高等不足，面对规模日益扩大的网络和层出不穷的攻击，缺乏自适应性和扩展性，难以检测出网络上新出现的攻击类型。文中对GHSOM（Growing Hierarchical Self-Organizing Maps）神经网络模型进行了扩展，提出了一种基于增量式GHSOM神经网络模型的网络入侵检测方法，在不破坏已学习过的知识的同时，对在线检测过程中新出现的攻击类型进行增量式学习，实现对入侵检测模型的动态扩展。作者开发了一个基于增量式GHSOM神经网络模型的在线网络入侵检测原型系统，在局域网环境下开展了在线入侵检测实验。实验结果表明增量式GHSOM入侵检测方法具有动态自适应性，能够实现在线检测过程中对GHSOM模型的动态更新，而且对于网络上新出现的攻击类型，增量式GHSOM算法与传统GHSOM算法的检测率相当。

英文摘要：

Traditional network intrusion detection models are usually trained in off-line way byusing available types of intrusion samples.Although those well-known types of intrusions can bedetected with higher detection rate,it is very difficult to detect those upcoming unknown types ofnetwork intrusions through the existing traditional network intrusion detection models.Theseintrusion detection systems have some defects：the systems are usually established in lower speedand the models are updated in higher cost.Besides,facing the increasing network scale and growingtypes of attacks,the existing intrusion detection systems are lack of adaptability and scalability.This paper expands the GHSOM（Growing Hierarchical Self-organizing Maps）neural networkmodel and presents a network intrusion detection method based on dynamic incremental GHSOMneural network model.The improved GHSOMmodel can be updated in a dynamic and incrementalway by using those online-collected new types of intrusion data during online intrusion detection.This incremental model can be online implemented to detect the new-emerging types of networkintrusions without destroying the existing knowledge in the GHSOMmodel.We developed anintrusion detection prototype system based on the incremental GHSOMalgorithm,and the onlineintrusion detection experiments are carried out under the experimental LAN environment.Theexperiment results show that the intrusion detection method based on the incremental GHSOMalgorithm presented in this paper is dynamic and self-adaptive.The dynamic update of the GHSOMmodel has been verified through the experiment.Besides,the detection rate of ourincremental GHSOMalgorithm is similar with that of the traditional GHSOMalgorithm throughthe comparative experiment for those new-emerging types of network intrusions.