Research on Anomaly Classification of Imbalanced Data in Network Security Situational Awareness
Published: 2018-05-03 14:23
Topic: security situational awareness + imbalanced data; Source: Tianjin University of Technology, 2014 master's thesis
【Abstract】: Network security is now a very serious problem. Detecting network attacks effectively and promptly, and preventing them, is of great significance, and existing network security technology can no longer meet the needs of network management. Network security situational awareness based on fusion technology is therefore bound to become the direction in which network management develops. Network security situational awareness applies data fusion methods to combine the alert information from different security detection tools in order to analyse the current security state of the network, and predicts from the current state the attack behaviour the network will face next. Anomaly classification of imbalanced network data, as the most important stage of network security situational awareness, supplies the security situation with vital security information and decision support. The technologies involved include data mining, fusion and visualisation. This thesis mainly applies data mining techniques to study anomaly classification of imbalanced data across network security situational awareness; the data are network traffic statistics aggregated by time and by host, and achieving efficient and accurate anomaly classification of imbalanced network data is a serious challenge facing network security. To address this problem, the following work was done with the characteristics of network data in mind:

(1) By analysing traditional network data anomaly classification models in light of the characteristics of the data, two problems of anomaly classification systems are addressed in the data preprocessing stage. The first is attribute redundancy and attribute weighting: rough set theory is used to assign a weight to each attribute and to reduce the attribute set. The second is the discretisation of continuous data in rough set theory: an adaptive discretisation algorithm tailored to the characteristics of the data is proposed, which determines the discretisation intervals from the distribution of attribute values. Experiments show that, compared with other algorithms, this algorithm raises the accuracy of anomaly classification while reducing the number of cut points and the number of remaining condition attributes, thereby reducing the dimensionality of the feature space and improving the efficiency of anomaly classification.

(2) In the anomaly classification stage, solutions are proposed for the classification of new anomalies and for imbalanced data. As time passes and technology advances, new anomaly classes keep appearing in the network; to address this, an anomaly model that is updated in real time is proposed for classifying new anomalies. The other problem is that specific anomalous behaviour in the network is rare relative to normal behaviour, so the data distribution is imbalanced and the classification of specific network anomalies is inefficient. For this problem the thesis proposes first using a single classifier to separate normal data from anomalous data, and only when the minority anomalous data appear applying a fast nearest-neighbour classifier to classify them; for most of the time only the single classifier is working, which greatly reduces the workload and improves efficiency.

(3) Based on the methods above, simulation experiments of the algorithms are carried out on the classic KDD99 dataset and compared against other corresponding algorithms. The experimental results demonstrate the efficiency and accuracy of the proposed algorithms.
[Abstract]: Network security is now a very serious problem. Detecting and preventing network attacks effectively and in a timely manner is of great significance, and existing network security technology has become insufficient for network management. Network security situational awareness based on fusion technology is bound to become the development direction of network management. Network security situational awareness is a data fusion method that combines the alert information from different security detection tools to analyse the current security situation of the network and predicts, from the current state, the attack behaviour the network will face next. As the most important link in network security situational awareness, anomaly classification of imbalanced network data provides vital security information and decision support for the security situation. The technologies used include data mining, fusion and visualisation. This paper mainly uses data mining technology to study anomaly classification of imbalanced data across network security situational awareness. These data are network traffic statistics aggregated by time and by host. Realising efficient and accurate anomaly classification of imbalanced network data is a severe challenge for network security. In order to solve this problem, this paper does the following work according to the characteristics of network data: 1) By analysing the traditional network data anomaly classification model and combining it with the characteristics of the data, two problems of the anomaly classification system are improved in the data preprocessing stage. The first is attribute redundancy and attribute weighting: rough set theory is used to assign a weight to each attribute and to reduce the attribute set. The second is the discretisation of continuous data in rough set theory: an adaptive discretisation algorithm suited to the characteristics of the data is proposed, which determines the discretisation intervals from the distribution of attribute values. Experiments show that, compared with other algorithms, the algorithm improves the accuracy of anomaly classification, reduces the number of cut points and the number of remaining condition attributes, reduces the dimensionality of the feature space and improves the efficiency of anomaly classification. 2) In the anomaly classification phase, this paper proposes a solution for the classification of new anomalies and for imbalanced data. With the passage of time and the development of technology, new anomaly classes keep appearing in the network; to address this, an anomaly model updated in real time is proposed to classify new anomalies. The other problem is that specific anomalous behaviour in the network is rare relative to normal behaviour, which leaves the data distribution imbalanced, so the classification of specific network anomalies is inefficient. To solve this, a single classifier is first used to separate normal from anomalous data, and a fast nearest-neighbour classifier is applied only when the few anomalous records appear. In this way the single classifier is working for most of the time, which greatly reduces the workload and improves efficiency. 3) Based on the above methods, simulation experiments of the algorithms are completed on the classic KDD99 data and compared with other algorithms. The experimental results show that the proposed algorithms are efficient and accurate.
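The two-stage scheme of point (2), written out as an added example that is not code from the thesis: a cheap single-class model of normal traffic handles every record first, a nearest-neighbour step over the few labelled anomaly exemplars runs only for records the first stage rejects, and a rejected record that matches no known anomaly class opens a new class, so the model is updated as new anomalies appear. The centroid-plus-radius normal model, the three scaled features, the class names and the sample records are all constructed assumptions; the thesis does not specify which single classifier it uses.

```python
import math

# Constructed sample data (not from the thesis): each record is
# (duration, bytes_sent, connection_count), already scaled to [0, 1].
NORMAL = [(0.1, 0.2, 0.1), (0.15, 0.25, 0.12), (0.12, 0.18, 0.09),
          (0.2, 0.3, 0.15), (0.18, 0.22, 0.11), (0.11, 0.27, 0.13)]
# Labelled minority anomalies; class names are constructed placeholders.
KNOWN_ANOMALIES = {"flood": [(0.05, 0.9, 0.95)], "probe": [(0.02, 0.05, 0.9)]}

def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

class TwoStageClassifier:
    """Stage 1: single-class model of normal traffic (centroid + radius, an
    assumed stand-in for the thesis's single classifier). Stage 2: nearest
    neighbour over anomaly exemplars, only for records stage 1 rejects.
    A rejected record far from every known class opens a new class."""
    def __init__(self, normal, anomalies, margin=1.5, new_class_radius=0.3):
        n, dims = len(normal), len(normal[0])
        self.centroid = tuple(sum(r[i] for r in normal) / n for i in range(dims))
        # Accept anything within `margin` times the widest normal training record.
        self.radius = margin * max(dist(r, self.centroid) for r in normal)
        self.exemplars = {k: list(v) for k, v in anomalies.items()}
        self.new_class_radius = new_class_radius
        self.stage2_calls = 0  # how often the expensive path ran

    def classify(self, record):
        if dist(record, self.centroid) <= self.radius:
            return "normal"  # cheap path, taken for the bulk of traffic
        self.stage2_calls += 1
        best, best_d = None, float("inf")
        for label, exs in self.exemplars.items():
            for ex in exs:  # exemplar sets stay small: anomalies are the minority
                d = dist(record, ex)
                if d < best_d:
                    best, best_d = label, d
        if best_d > self.new_class_radius:  # unseen behaviour: new anomaly class
            best = f"new_anomaly_{len(self.exemplars) + 1}"
            self.exemplars[best] = []
        self.exemplars[best].append(record)  # real-time model update
        return best

def run_demo():
    """Classify a constructed stream; returns (labels, stage-2 invocations)."""
    clf = TwoStageClassifier(NORMAL, KNOWN_ANOMALIES)
    stream = NORMAL + [(0.06, 0.88, 0.93), (0.95, 0.1, 0.05), (0.13, 0.21, 0.1)]
    return [clf.classify(r) for r in stream], clf.stage2_calls
```

Of the nine records in the constructed stream only two reach stage 2, which is the workload saving the thesis describes; the second of those is assigned to a freshly created class and then serves as its exemplar.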
【Degree-granting institution】: Tianjin University of Technology
【Degree level】: Master
【Year degree granted】: 2014
【Classification number】: TP393.08
Article number: 1838858
Article link: http://www.sikaile.net/guanlilunwen/ydhl/1838858.html