Research on Network Attack Modeling Based on Temporal Logic
Published: 2018-05-27 06:42
Topics: model checking + intrusion detection; Source: Zhengzhou University, 2014 master's thesis
[Abstract]: As network attacks become more varied and attack techniques more complex, intrusion detection technology is receiving increasing attention. Intrusion detection is an important network security technology. According to its detection principle, it can be divided into misuse detection and anomaly detection. Because anomaly detection has a relatively high false alarm rate, most intrusion detection systems deployed internationally use misuse detection. However, faced with the large number of increasingly complex and changing attack patterns on networks, the detection capability of intrusion detection based on pattern matching is seriously inadequate. For this reason, intrusion detection based on model checking was proposed by French scholars.

Compared with intrusion detection based on pattern matching, intrusion detection based on model checking can effectively improve the ability to detect complex, changing attacks. However, several problems with current model-checking-based intrusion detection methods remain to be solved. First, current methods all build models for one specific attack or a few specific attacks, and a model of the general process of network attacks is still lacking. Second, there is no platform that provides a basis for comparing the performance of such methods. This thesis addresses these two problems, and its main work is as follows:

1. On the basis of defining the general process of a network attack and the network attack model formula, this thesis proposes a general model of network attacks based on interval temporal logic. The general model covers the general process of a network attack. Performing intrusion detection on top of the new model helps extend model-checking-based intrusion detection to the detection of multiple attack types.

2. On the basis of studying the attack principles of the four major attack categories in KDDCUP99, and for the 13 attack types in the KDDCUP99 training set, the thesis converts the specific details of each attack into an action sequence and decomposes that sequence into atomic actions recorded in log files. It gives a temporal logic formula for each attack and constructs attack model formulas for the 13 attack types. This lays a foundation for comparing the performance of similar intrusion detection methods and provides a technical framework for assessing the ability to detect each attack type.
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08