本文關(guān)鍵詞： 入侵檢測(cè) 人工免疫 多種群克隆選擇算法 匹配規(guī)則　出處：《華北理工大學(xué)》2015年碩士論文　論文類型：學(xué)位論文

【摘要】：在互聯(lián)網(wǎng)高速發(fā)展的時(shí)代,網(wǎng)絡(luò)安全越來越受到青睞,入侵檢測(cè)在其中的地位也與日俱增。傳統(tǒng)的入侵檢測(cè)方法對(duì)規(guī)則庫數(shù)據(jù)的依賴性較強(qiáng),且不能識(shí)別未知攻擊。研究者將人工免疫引入到檢測(cè)領(lǐng)域中,使得它在理論上有了新的突破�；谌斯っ庖叩娜肭謾z測(cè)是入侵檢測(cè)領(lǐng)域研究的一個(gè)新方向,它的研究取得了很多成果,但是仍然存在檢測(cè)率低、誤報(bào)率高的問題。所以,該領(lǐng)域的研究重點(diǎn)依然是通過不同的手段提高檢測(cè)效果。在深入了解入侵檢測(cè)和人工免疫的基礎(chǔ)上,針對(duì)現(xiàn)有免疫算法存在的優(yōu)缺點(diǎn),選取克隆選擇算法和多種群免疫算法進(jìn)行研究。將多種群免疫算法的并行機(jī)制、雜交算子、傳優(yōu)算子引入到克隆選擇算法中,結(jié)合這兩種算法的優(yōu)點(diǎn),提出了多種群克隆選擇算法。然后,結(jié)合kddcup99數(shù)據(jù)集的特點(diǎn),把經(jīng)過編碼、去重的四種攻擊類型數(shù)據(jù)作為多種群克隆選擇算法的初始種群進(jìn)行免疫操作,輸出最優(yōu)群體。對(duì)常用的基于字符串匹配的r-匹配規(guī)則進(jìn)行分析,通過概率匹配公式說明r值對(duì)匹配效果的影響,指出基于kdcup99數(shù)據(jù)集的二進(jìn)制字符串存在長(zhǎng)度過長(zhǎng)、不易測(cè)試最優(yōu)r值等問題,并針對(duì)存在的問題對(duì)該匹配算法做出了改進(jìn)。最后,通過kddcup99數(shù)據(jù)集對(duì)設(shè)計(jì)的免疫算法進(jìn)行仿真試驗(yàn)。根據(jù)正常數(shù)據(jù)遠(yuǎn)大于異常數(shù)據(jù)的原則,不同攻擊類型的測(cè)試數(shù)據(jù)集通過自體集進(jìn)行過濾,過濾后的數(shù)據(jù)與最優(yōu)群體進(jìn)行匹配,并對(duì)實(shí)驗(yàn)結(jié)果進(jìn)行分析。結(jié)果表明,設(shè)計(jì)的免疫算法能夠提高入侵檢測(cè)的檢測(cè)率。
[Abstract]:In the era of rapid development of the Internet, network security is more and more popular, and intrusion detection is becoming more and more important. Traditional intrusion detection methods rely heavily on rule-base data. The researchers introduced artificial immunity into the field of detection, which made it a new breakthrough in theory. Intrusion detection based on artificial immunity is a new direction in the field of intrusion detection. Its research has made a lot of achievements, but it still has the problems of low detection rate and high false alarm rate. The research focus in this field is still to improve the detection effect by different means. On the basis of in-depth understanding of intrusion detection and artificial immunity, the advantages and disadvantages of existing immune algorithms are pointed out. The parallel mechanism of multi-swarm immune algorithm, hybrid operator and optimal operator are introduced into the clonal selection algorithm, and the advantages of these two algorithms are combined. Then, considering the characteristics of kddcup99 data set, four kinds of attack type data, which are coded and removed, are used as the initial population of the multi-colony clone selection algorithm. The r-matching rule based on string matching is analyzed, the effect of r value on matching effect is explained by probability matching formula, and the length of binary string based on kdcup99 dataset is pointed out. It is difficult to test the optimal r value, and the matching algorithm is improved for the existing problems. Finally, the immune algorithm is simulated through the kddcup99 dataset. According to the principle that the normal data is far larger than the abnormal data, The test data sets of different attack types are filtered by autologous sets, the filtered data are matched with the optimal population, and the experimental results are analyzed. The results show that the designed immune algorithm can improve the detection rate of intrusion detection.
【學(xué)位授予單位】：華北理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TP393.08;TP18

【參考文獻(xiàn)】

相關(guān)期刊論文 前4條

1 李向華;王鉦旋;呂天陽;車翔玖;;基于混沌和免疫應(yīng)答的增量聚類新算法[J];自動(dòng)化學(xué)報(bào);2010年02期

2 呂崗,陳小平,譚得健;免疫算法抗體濃度調(diào)節(jié)定義的改進(jìn)[J];數(shù)據(jù)采集與處理;2003年01期

3 陳真;;Hadoop云平臺(tái)的入侵檢測(cè)系統(tǒng)優(yōu)化設(shè)計(jì)[J];西安工業(yè)大學(xué)學(xué)報(bào);2012年09期

4 池靜;楊振宇;張婷;;一種檢測(cè)器的標(biāo)識(shí)學(xué)習(xí)和優(yōu)化算法[J];微電子學(xué)與計(jì)算機(jī);2013年08期

相關(guān)碩士學(xué)位論文 前1條

1 楊暉澤;基于動(dòng)態(tài)克隆選擇的自適應(yīng)免疫入侵檢測(cè)器優(yōu)化[D];太原理工大學(xué);2011年

，

本文編號(hào)：1520902