發(fā)布時(shí)間：2018-01-05 02:31

  本文關(guān)鍵詞：基于遷移學(xué)習(xí)的入侵檢測(cè)技術(shù)研究　出處：《中北大學(xué)》2015年碩士論文　論文類型：學(xué)位論文

  更多相關(guān)文章： 入侵檢測(cè) 遷移學(xué)習(xí) DNB DTNL

【摘要】：隨著計(jì)算機(jī)網(wǎng)絡(luò)技術(shù)的快速發(fā)展，入侵檢測(cè)技術(shù)作為一種積極主動(dòng)的網(wǎng)絡(luò)安全防護(hù)技術(shù)，在系統(tǒng)受到侵入之前進(jìn)行檢測(cè)和攔截，提供內(nèi)外部攻擊的實(shí)時(shí)保護(hù)，已經(jīng)成為當(dāng)前保障網(wǎng)絡(luò)安全的重要手段。然而，，在應(yīng)用于入侵檢測(cè)的現(xiàn)有算法中，在不同攻擊類型的檢測(cè)性能上存在著非平衡性，而且當(dāng)訓(xùn)練數(shù)據(jù)或有標(biāo)簽數(shù)據(jù)很少不足以訓(xùn)練較好的分類器時(shí)，則要求用戶重新收集大量的訓(xùn)練數(shù)據(jù)，這不僅困難而且成本較大。實(shí)際上，我們有大量的現(xiàn)有的或已過(guò)時(shí)的數(shù)據(jù)，與他們相關(guān)但是不同，其中部分?jǐn)?shù)據(jù)被期望重新用于解決新的問(wèn)題中。遷移學(xué)習(xí)適用于不同域或多任務(wù)學(xué)習(xí)，將遷移學(xué)習(xí)的理論應(yīng)用在現(xiàn)有的算法中，能夠起到很好的檢測(cè)效果。 本文主要完成以下內(nèi)容： （1）在研究了遷移學(xué)習(xí)理論的基礎(chǔ)上，結(jié)合遷移學(xué)習(xí)理論和分布式網(wǎng)絡(luò)集成算法（DNB）的基本思想，提出了分布式遷移網(wǎng)絡(luò)學(xué)習(xí)算法（DTNL），實(shí)驗(yàn)表明算法采用DTNL算法對(duì)網(wǎng)絡(luò)入侵中常見的四種異常行為檢測(cè)時(shí)，明顯比常規(guī)算法在R2L檢測(cè)率上有了顯著的提高，并且其他三種異常行為的檢測(cè)率也較高。 （2）在現(xiàn)有的通用入侵檢測(cè)框架（Commom Intrusion Detection Framework，CIDF）的基礎(chǔ)上，將DTNL算法引入到入侵檢測(cè)系統(tǒng)中，重點(diǎn)修改了數(shù)據(jù)預(yù)處理、分類器和規(guī)則學(xué)習(xí)等核心模塊，并添加了專家判別模塊，提出了一種基于遷移學(xué)習(xí)理論的入侵檢測(cè)模型框架。DTNL算法能夠明顯提高對(duì)四種攻擊類型的檢測(cè)平衡率。使得系統(tǒng)可以運(yùn)用在對(duì)準(zhǔn)確度和誤報(bào)率要求較高的場(chǎng)合，同時(shí)，專家判別模塊的添加能夠有效地降低系統(tǒng)的誤報(bào)率。 （3）最后使用了入侵檢測(cè)領(lǐng)域評(píng)測(cè)的基準(zhǔn)數(shù)據(jù)庫(kù)KDD CUP’99進(jìn)行了實(shí)驗(yàn)，驗(yàn)證了系統(tǒng)的可行性和有效性。
[Abstract]:With the rapid development of computer network technology, intrusion detection technology, as an active network security protection technology, detects and intercepts the system before it is invaded, and provides real-time protection of internal and external attacks. It has become an important means to ensure network security. However, in the existing algorithms applied to intrusion detection, there is an imbalance in the detection performance of different types of attacks. And when training data or tagged data are rarely enough to train better classifiers, users are required to re-collect a large number of training data, which is not only difficult but also costly. We have a lot of existing or outdated data that are relevant but different, some of which are expected to be reused to solve new problems. Migration learning applies to different domains or multitasking learning. The theory of transfer learning is applied to the existing algorithms, and the detection effect is very good. The main contents of this paper are as follows: 1) on the basis of studying the transfer learning theory and combining the transfer learning theory with the basic idea of distributed network integration algorithm (DNB), a distributed transfer network learning algorithm (DTNL) is proposed. Experimental results show that the DTNL algorithm is significantly higher than the conventional algorithm in the detection rate of R2L in the detection of four common abnormal behaviors in network intrusion. The detection rate of the other three abnormal behaviors is also high. Based on the existing universal intrusion detection framework, the Commom Intrusion Detection Framework. The DTNL algorithm is introduced into the intrusion detection system, and the core modules such as data preprocessing, classifier and rule learning are modified, and the expert discriminant module is added. This paper presents an intrusion detection model framework. DTNL algorithm based on migration learning theory, which can obviously improve the detection balance rate of four types of attacks, so that the system can be used to demand higher accuracy and false alarm rate. The occasion. At the same time, the addition of expert discrimination module can effectively reduce the false alarm rate of the system. Finally, KDD CUP'99, a benchmark database in intrusion detection field, is used to verify the feasibility and effectiveness of the system.
【學(xué)位授予單位】：中北大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前4條

1 肖云;韓崇昭;鄭慶華;趙婷;;基于粗糙集-支持向量機(jī)理論的過(guò)濾誤報(bào)警方法[J];電子與信息學(xué)報(bào);2007年12期

2 涂承勝;刁力力;魯明羽;陸玉昌;;Boosting家族AdaBoost系列代表算法[J];計(jì)算機(jī)科學(xué);2003年03期

3 卿斯?jié)h ,蔣建春 ,馬恒太 ,文偉平 ,劉雪飛;入侵檢測(cè)技術(shù)研究綜述[J];通信學(xué)報(bào);2004年07期

4 張琨,徐永紅,王珩,劉鳳玉;用于入侵檢測(cè)的貝葉斯網(wǎng)絡(luò)[J];小型微型計(jì)算機(jī)系統(tǒng);2003年05期

本文編號(hào)：1381203