Research on Intrusion Detection Technology Based on Data Mining
Published: 2018-08-21 14:03
[Abstract]: Network information technology is developing rapidly and is profoundly changing the way people live. At the same time, network information security has gradually become one of the core issues affecting people's lives. Intrusion detection is an important and widely used method of protecting network information security, and its main characteristic is that it protects network systems actively. As the second line of defense for network information security, intrusion detection supplements and extends traditional defensive technologies such as firewalls and information encryption, and combines with them to form a complete information security defense system.

Data mining is a widely used data analysis and processing technology. It can analyze and mine large volumes of data quickly and effectively to find the useful knowledge that is needed. For an intrusion detection system, discovering information related to intrusion behavior in large amounts of network system data is the key to detection. Applying data mining to intrusion detection makes effective use of its strength in handling big data and reveals the essential characteristics of intrusion behavior from the perspective of the data, thereby effectively improving detection performance.

This thesis studies the application to intrusion detection of three techniques commonly used in data mining, namely clustering, classification and feature extraction, in order to improve the detection results of intrusion detection systems. First, regarding the use of traditional partition-based clustering algorithms in intrusion detection, and to solve the problem that detection results are affected by the initial choice of cluster centers and of the number of clusters, the affinity propagation clustering algorithm, which determines the cluster centers and their number automatically, is combined with anomaly detection to build an intrusion detection system. Next, the application of classification algorithms to intrusion detection is studied. To address the problem that the traditional KNN classification algorithm cannot obtain the optimal classification surface, an improved KNN classification detection algorithm is proposed: it introduces the concept of a local hyperplane and, building on traditional KNN, classifies each test sample according to its distance to the local hyperplane of the training samples of each class. Finally, the data preprocessing module of intrusion detection is studied. To address the problem that the raw data contains a large amount of redundant feature information, a linear discriminant analysis method is built on the HKNN classification algorithm to extract features from the raw data, which effectively reduces the data dimensionality and the computing resources the intrusion detection system consumes.

Finally, simulation experiments on the KDD CUP99 data set verify the feasibility and effectiveness of the above methods.
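[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08; TP311.13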
Article ID: 2195967
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2195967.html