【摘要】：隨著信息技術和網絡技術飛速發(fā)展,我們從網絡上獲取信息資源變得更為豐富,便捷的交流方式極大地縮小了人與人之間的距離,但與此同時,這也給我們計算機安全方面帶來了極大的威脅,信息網絡安全問題的重要性也逐漸凸顯出來。及時有效的發(fā)現(xiàn)網絡中的攻擊或異常行為已經成為了網絡安全領域中的一個非常重要的課題。傳統(tǒng)的網絡異常入侵檢測算法一般需要用已打標的數(shù)據(jù)庫來訓練模型,而這些標記數(shù)據(jù)庫在實際網絡環(huán)境中獲取成本較高,且對于未訓練過的新出現(xiàn)的異常數(shù)據(jù)流量束手無策。數(shù)據(jù)挖掘是一種十分常用的數(shù)據(jù)處理技術,可以從大量的數(shù)據(jù)中挖掘出潛在的符合事實的規(guī)則或知識。數(shù)據(jù)挖掘中的聚類是一種較好的無監(jiān)督的學習方法,直接在無標簽的數(shù)據(jù)集上建立檢測模型,用以發(fā)現(xiàn)已知或未知的異常數(shù)據(jù),因此無監(jiān)督聚類經常與網絡異常流量檢測技術相結合�；谝陨舷嚓P研究背景,本文在分析實際網絡環(huán)境流量的基礎上,采用了基于熵知識的數(shù)據(jù)特征提取方法,有效地降低了實時網絡原數(shù)據(jù)的復雜度。在密度峰值聚類算法的基礎上,創(chuàng)新地提出了基于密度的異常權值度量方法,進而構建出一種新的基于密度異常權值和子空間聚類的無監(jiān)督異常流量檢測模型,計算在每個子空間上流量的異常權值并排序后得出最終異常流量,避免了聚類完成后才能檢測的方式,從而極大地降低了計算復雜度;同時也提出了另一種基于距離的異常權值度量方法,并在此基礎上與K-means聚類算法結合構建出新的無監(jiān)督異常流量檢測模型。這兩種方法都克服了傳統(tǒng)網絡異常流量檢測模型的對于標記數(shù)據(jù)集的依賴,較大地提高了實時異常流量的準確率和查全率,同時也顯著地降低了檢測時間。最后在真實環(huán)境中的某信息安全公司內網數(shù)據(jù)集上和模擬數(shù)據(jù)集KDD Cup99上對檢測模型進行實驗分析驗證,結果表明提出的檢測模型對于提高檢測準確率和降低誤檢率均有顯著的效果。
[Abstract]:With the rapid development of information technology and network technology, we get more information resources from the network, and the convenient way of communication has greatly reduced the distance between people, but at the same time, This also brings great threat to our computer security, and the importance of information network security becomes more and more important. It has become a very important topic in the field of network security to detect attacks or abnormal behaviors in network in time and effectively. The traditional network anomaly intrusion detection algorithms generally need to use marked databases to train the model, but these tagged databases are expensive to obtain in the actual network environment, and there is no way to deal with the untrained new abnormal data flow. Data mining is a very common data processing technology, which can extract the rules or knowledge from a large amount of data. Clustering in data mining is a better unsupervised learning method, which directly builds detection model on untagged data sets to find known or unknown abnormal data. Therefore, unsupervised clustering is often combined with network anomaly detection technology. Based on the above research background, based on the analysis of the actual network traffic, this paper adopts the method of feature extraction based on entropy knowledge, which effectively reduces the complexity of the original data of real-time network. Based on the density peak clustering algorithm, a new density based outlier weight measurement method is proposed, and a new unsupervised anomaly flow detection model based on density anomaly weight and subspace clustering is constructed. The outlier weight of traffic on each subspace is calculated and sorted to get the final abnormal flow, which avoids the detection method after clustering is completed, thus greatly reducing the computational complexity. At the same time, another method of outlier weight measurement based on distance is proposed, and a new unsupervised anomaly flow detection model is constructed by combining with K-means clustering algorithm. These two methods can overcome the dependence of the traditional network anomaly traffic detection model on the marked data set and greatly improve the accuracy and recall of real-time abnormal traffic. At the same time the detection time is significantly reduced. Finally, the detection model is tested and verified on the data set of a certain information security company and the simulated data set KDD Cup99 in the real environment. The results show that the proposed detection model can improve the detection accuracy and reduce the false detection rate.
【學位授予單位】：重慶郵電大學
【學位級別】：碩士
【學位授予年份】：2016
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前4條

1 林果園;曹天杰;;入侵檢測系統(tǒng)研究綜述[J];計算機應用與軟件;2009年03期

2 胡_g;李智玲;李春偉;;一種基于區(qū)分矩陣的屬性約簡算法[J];計算機工程與應用;2007年09期

3 羅敏,王麗娜,張煥國;基于無監(jiān)督聚類的入侵檢測方法[J];電子學報;2003年11期

4 李輝,管曉宏,昝鑫,韓崇昭;基于支持向量機的網絡入侵檢測[J];計算機研究與發(fā)展;2003年06期

，

本文編號：2229551