Research on Cluster Analysis of Network Intrusion Data
Published: 2018-04-28 14:26
Topic of this paper: intrusion detection + cluster analysis; Reference: Shenzhen University, 2015 master's thesis
[Abstract]: Network technology has developed rapidly in recent years, and network security problems have become increasingly prominent. To deal with them, many researchers study intrusion detection technology, in the hope that intrusion detection systems can further protect the networks we rely on. The core of an intrusion detection system is its intrusion analysis module, and the analysis techniques studied for that module are currently very diverse. Intrusion analysis can be viewed intuitively as a data mining process. Cluster analysis can mine knowledge from massive volumes of network data, applies well to identifying and analyzing intrusion behavior, and is already widely used in intrusion detection systems. This thesis combines specific clustering methods with intrusion detection. It studies the classical K-means, Fuzzy ART and Kohonen clustering algorithms in depth, analyzes the characteristics and shortcomings of the three algorithms, proposes two improved algorithms that address their problems, applies the improved algorithms to the detection of network intrusion data, and finally compares their intrusion detection performance in simulation experiments. The main work of the thesis is as follows:
(1) Extracting experimental data from the KDD CUP99 data set. KDD CUP99 is a standard data set for intrusion analysis, and much intrusion detection research is based on it. One of the groups of experimental data used in this thesis comes from it. The thesis studies the KDD CUP99 data set in depth and uses principal component analysis (PCA) to extract dimensionality-reduced intrusion data; the reduced data still retain the main information of the original data.
(2) Proposing an improved K-means algorithm based on Fuzzy ART. Fuzzy ART automatically generates new nodes during clustering. This property is used to perform a preliminary clustering of the raw data, which provides K-means with class centers and a number of classes K that fit the data distribution.
(3) Improving the weight adjustment method of Kohonen network learning. A membership degree is introduced into the learning process of the traditional Kohonen network, and the neurons in the winning neighborhood learn according to this membership degree. The improved learning method makes neuron learning reflect the characteristics of the samples better.
(4) Experimental analysis. The traditional Fuzzy ART and K-means algorithms and the improved FART K-means algorithm are compared on two different standard network intrusion data sets. The results show that the improved FART K-means algorithm improves both detection accuracy and clustering speed to a certain extent. Likewise, the traditional Kohonen algorithm and the improved I-Kohonen algorithm are compared in simulation experiments. The results show that the improved I-Kohonen algorithm raises the detection rate for intrusion data while maintaining running speed.
Both improved algorithms proposed in this thesis achieve fairly satisfactory results in cluster analysis of intrusion data and detect intrusion data well. The thesis has two main innovations: (1) it improves the K-value selection method and the center selection method of the K-means algorithm; (2) it optimizes the weight learning method of the Kohonen network.
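The pre-clustering idea in point (2), as an added Python example that is not code from the thesis: Fuzzy ART creates a new node whenever no existing category passes the vigilance test, and the resulting category count and centers seed K-means. The vigilance `rho`, the parameters `alpha` and `beta`, the use of member means as centers, and the sample points are all assumptions.

```python
# Added example: Fuzzy ART pre-clustering supplies K and the initial centres for K-means.
# rho, alpha, beta and DATA are assumptions made for illustration, not thesis values.

def mean(points):
    return tuple(sum(c) / len(points) for c in zip(*points))

def nearest(x, centres):
    return min(range(len(centres)),
               key=lambda j: sum((a - b) ** 2 for a, b in zip(x, centres[j])))

def fuzzy_art(data, rho=0.75, alpha=0.001, beta=1.0):
    """One centre per Fuzzy ART category; features must be scaled to [0, 1]."""
    weights, members = [], []
    for x in data:
        i = list(x) + [1.0 - v for v in x]            # complement coding
        overlap = lambda w: sum(map(min, i, w))       # |I ^ w| (fuzzy AND)
        ranked = sorted(range(len(weights)),
                        key=lambda j: -overlap(weights[j]) / (alpha + sum(weights[j])))
        for j in ranked:                              # best choice value first
            if overlap(weights[j]) / sum(i) >= rho:   # vigilance test passed
                weights[j] = [beta * min(a, b) + (1 - beta) * b
                              for a, b in zip(i, weights[j])]
                members[j].append(x)
                break
        else:                                         # no category resonates:
            weights.append(i)                         # create a new node
            members.append([x])
    return [mean(m) for m in members]

def kmeans(data, centres, iters=20):
    """Lloyd's K-means started from the given centres; K = len(centres)."""
    for _ in range(iters):
        groups = [[] for _ in centres]
        for x in data:
            groups[nearest(x, centres)].append(x)
        updated = [mean(g) if g else c for g, c in zip(groups, centres)]
        if updated == centres:
            break
        centres = updated
    return centres, [nearest(x, centres) for x in data]

# Constructed points standing in for PCA-reduced, min-max-scaled connection records.
DATA = [(0.10, 0.12), (0.12, 0.10), (0.08, 0.11), (0.11, 0.09),
        (0.90, 0.20), (0.88, 0.22), (0.92, 0.18), (0.91, 0.21),
        (0.50, 0.90), (0.52, 0.88), (0.48, 0.91), (0.51, 0.92)]

if __name__ == "__main__":
    seeds = fuzzy_art(DATA)
    centres, labels = kmeans(DATA, seeds)
    print(len(seeds), labels)
```

Raising `rho` makes the vigilance test stricter, so Fuzzy ART splits the data into more categories and hands K-means a larger K.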
[Degree-granting institution]: Shenzhen University
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.08
Article ID: 1815645
Article link: http://www.sikaile.net/guanlilunwen/ydhl/1815645.html