Research and Implementation of a Network Intrusion Detection System Based on a Distributed Architecture
Published: 2018-12-05 12:57
[Abstract]: With the continuous development of Internet technology and its wide use in every field, network security has become especially prominent and important. Traditional network protection relies mainly on passive defenses such as firewalls and access control, which can no longer cope with increasingly complex intrusion behaviour. Intrusion detection is an active-defense security technology that can rapidly identify intrusions and raise alerts, and it is applicable to many network environments. However, unknown intrusion techniques are hard to detect before they are understood, so attacks are missed and the network is left exposed.
This thesis combines a distributed architecture with data-mining techniques to improve the accuracy, effectiveness, processing capacity and prediction capability of intrusion detection. It first introduces the commonly used intrusion detection models, technique classifications and architectures, analyses and compares their strengths and weaknesses, and then explains the principles and workflow of data preprocessing, classification analysis and clustering analysis in data mining, together with their application to intrusion detection.
In view of the problems and shortcomings of existing intrusion detection systems, the thesis designs a network intrusion detection system based on a distributed architecture and gives the detailed design and implementation of each functional module. The system consists of one master control node server and a number of detection agent nodes. Each agent node is responsible for inspecting the data flows in its own network domain according to its local detection rules; when it detects unknown behaviour it hands the case to the master node server for prediction. The format of the messages exchanged between nodes is also defined. Building on the distributed architecture and the idea of outlier mining, a distributed fully supervised membership classification algorithm (DFMCA) is designed, which gives the IDS the ability to predict unknown behaviour quickly without disturbing the normal operation of the detection module, and which is expected to reach higher accuracy than existing classification algorithms.
Finally, tests of each module of the system confirm that it has strong processing capacity, prediction capability, flexibility and extensibility, and that it effectively reduces both the missed-alarm rate and the false-alarm rate. An analysis of the results and an outlook on the next steps of this work are also given.
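To make the master/agent split described in the abstract concrete, here is an added example (not code from the thesis): agent nodes apply local signature rules and forward anything unrecognised to a master node, which predicts a label by degree of membership to class centroids built from labelled training flows. The feature vectors, the rule table, the message layout and the membership computation are all assumptions for illustration; the thesis's own DFMCA algorithm and message format are not reproduced here.

```python
"""Minimal model of the master/agent IDS split (added illustration, not the thesis's code).

Assumptions (not from the thesis): a flow is a numeric feature tuple; agent rules are exact
signature matches; the master scores class membership by inverse distance to class centroids.
"""
from dataclasses import dataclass
from math import dist


@dataclass
class Flow:
    src: str
    features: tuple  # constructed features: (packets/s, bytes/packet, syn_ratio)


class AgentNode:
    """Detection agent: applies local rules; hands unknown flows to the master."""
    def __init__(self, name, rules):
        self.name, self.rules = name, rules  # rules: {feature tuple: label}

    def inspect(self, flow, master):
        label = self.rules.get(flow.features)
        if label is not None:
            return {"node": self.name, "verdict": label, "source": "local-rule"}
        # Unknown behaviour: ask the master for a prediction (message layout is assumed).
        msg = {"type": "PREDICT", "node": self.name, "features": flow.features}
        return master.handle(msg)


class MasterNode:
    """Master: supervised membership classifier built from labelled training flows."""
    def __init__(self, training):
        self.centroids = {}
        for label, vecs in training.items():
            n, dim = len(vecs), len(vecs[0])
            self.centroids[label] = tuple(sum(v[i] for v in vecs) / n for i in range(dim))

    def membership(self, features):
        # Inverse-distance memberships normalised to sum to 1 (simplified; not DFMCA).
        inv = {lbl: 1.0 / (dist(features, c) + 1e-9) for lbl, c in self.centroids.items()}
        total = sum(inv.values())
        return {lbl: w / total for lbl, w in inv.items()}

    def handle(self, msg):
        m = self.membership(msg["features"])
        best = max(m, key=m.get)
        return {"node": msg["node"], "verdict": best, "source": "master-prediction",
                "membership": round(m[best], 3)}


# Constructed sample data: two labelled classes and one local signature rule.
TRAINING = {"normal": [(20, 800, 0.05), (30, 700, 0.10)],
            "syn_flood": [(5000, 60, 0.95), (8000, 60, 0.99)]}
LOCAL_RULES = {(20, 800, 0.05): "normal"}


def run_demo():
    master = MasterNode(TRAINING)
    agent = AgentNode("agent-A", LOCAL_RULES)
    known = agent.inspect(Flow("10.0.0.5", (20, 800, 0.05)), master)      # matched locally
    unknown = agent.inspect(Flow("10.0.0.9", (6000, 64, 0.97)), master)   # escalated
    return known, unknown
```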
Degree-granting institution: Beijing University of Posts and Telecommunications (北京郵電大學)
Degree level: Master's
Year granted: 2014
Classification number: TP393.08
Article number: 2365238
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2365238.html