Trojan Detection Technology Based on Fuzzy Behavior Analysis
Topic: behavior analysis library. Angle: expert system. Source: Henan University of Technology, 2014 master's thesis. Paper type: degree thesis.
[Abstract]: With the rapid development of computer network technology, information networks have become an important pillar of social development. Because much of the information carried on these networks is sensitive, and some of it is even state secrets, networks inevitably attract Trojan programs from all over the world that aim to steal users' important information. Traditional Trojan detection technology has shortcomings and defects in many respects, and the difficulty of detecting unknown Trojans in particular is self-evident. Traditional detection models also fail to account for the uncertainty inherent in network attacks during detection, which raises the false-positive rate. The self-learning and self-adaptive properties of the expert knowledge base in a misuse detection system can compensate well for the defects of traditional detection technology, and building a fuzzy behavior library takes the uncertainty of attack behavior into account to a certain extent, thereby improving detection capability. Building on an in-depth study of behavior analysis algorithms, this thesis applies a fuzzy behavior analysis library to the Trojan detection process. The main research work is as follows:
(1) Survey the history of Trojans and the state of the art at home and abroad; explain the principles and working mechanisms of Trojan detection; classify the attack characteristics of common Trojan programs; compare static and dynamic detection techniques and analyze the advantages and disadvantages of each.
(2) Explain that misuse detection targets known (or similar) attack behaviors and behaviors that indirectly violate the system security policy, and that a knowledge base of attacks and system flaws is usually the foundation of misuse detection. Combine the common principles and algorithms of behavior-analysis-based Trojan detection to design and implement a fuzzy behavior library, and analyze the importance and practicality of these algorithms in Trojan detection.
(3) Study the process of establishing fuzzy behavior rules; on the basis of traditional signature-based detection algorithms, propose a behavior-analysis-based Trojan detection model; defuzzify the output of the fuzzy behavior analysis module; and thereby improve the performance of the detection model.
(4) Construct a virtual network environment and test the overall model experimentally. The results show that the fuzzy behavior analysis algorithm achieves good results in both raising the detection accuracy and lowering the false-positive rate.
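Items (2) and (3) of the abstract name the core mechanism, fuzzy behavior rules whose combined output is defuzzified into a decision, without showing it. The following Python is an added illustration of that mechanism written for this page; it is not the thesis's implementation. The feature set (counts of autorun registry writes, distinct outbound hosts and cross-process injections observed in a sandbox run), the membership function shapes, the five-rule base, the centroid defuzzifier and the verdict thresholds are all assumptions, and the sample observations are constructed, not real telemetry.

```python
"""Fuzzy behavior scoring for Trojan detection: Mamdani-style rule evaluation
followed by centroid defuzzification. Added illustration; every feature name,
membership shape, rule and threshold below is an assumption for this example."""

from typing import Callable, Dict, List, Tuple


# ---- membership functions over a crisp feature value -------------------------
def ramp_down(x: float, a: float, b: float) -> float:
    """1.0 up to a, falling linearly to 0.0 at b (a 'low' shoulder)."""
    if x <= a:
        return 1.0
    if x >= b:
        return 0.0
    return (b - x) / (b - a)


def ramp_up(x: float, a: float, b: float) -> float:
    """0.0 up to a, rising linearly to 1.0 at b (a 'high' shoulder)."""
    if x <= a:
        return 0.0
    if x >= b:
        return 1.0
    return (x - a) / (b - a)


def triangle(x: float, a: float, b: float, c: float) -> float:
    """Peak 1.0 at b, 0.0 at or outside a and c."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


# ---- fuzzy behavior library: linguistic terms per observed behavior ----------
# Features are event counts from one sandbox run (assumed feature set).
BEHAVIOR_TERMS: Dict[str, Dict[str, Callable[[float], float]]] = {
    "autorun_writes": {"low": lambda x: ramp_down(x, 0, 3), "high": lambda x: ramp_up(x, 1, 4)},
    "outbound_hosts": {"low": lambda x: ramp_down(x, 2, 10), "high": lambda x: ramp_up(x, 5, 20)},
    "injections":     {"low": lambda x: ramp_down(x, 0, 2), "high": lambda x: ramp_up(x, 0, 2)},
}

# Output variable "risk" on a 0..100 universe of discourse.
RISK_TERMS: Dict[str, Callable[[float], float]] = {
    "low":    lambda r: ramp_down(r, 10, 50),
    "medium": lambda r: triangle(r, 25, 50, 75),
    "high":   lambda r: ramp_up(r, 50, 90),
}

# Fuzzy behavior rules: antecedent terms are ANDed with min; the consequent is a risk term.
RULES: List[Tuple[List[Tuple[str, str]], str]] = [
    ([("autorun_writes", "high"), ("outbound_hosts", "high")], "high"),
    ([("injections", "high")], "high"),
    ([("autorun_writes", "high"), ("outbound_hosts", "low")], "medium"),
    ([("outbound_hosts", "high"), ("autorun_writes", "low")], "medium"),
    ([("autorun_writes", "low"), ("outbound_hosts", "low"), ("injections", "low")], "low"),
]


def fuzzify(obs: Dict[str, float]) -> Dict[str, Dict[str, float]]:
    """Membership degree of each crisp feature value in each linguistic term."""
    return {f: {t: mf(obs[f]) for t, mf in terms.items()} for f, terms in BEHAVIOR_TERMS.items()}


def infer(obs: Dict[str, float]) -> Dict[str, float]:
    """Firing strength per risk term: min over a rule's antecedents, max across rules."""
    mu = fuzzify(obs)
    strength = {term: 0.0 for term in RISK_TERMS}
    for antecedent, consequent in RULES:
        fire = min(mu[f][t] for f, t in antecedent)
        strength[consequent] = max(strength[consequent], fire)
    return strength


def defuzzify(strength: Dict[str, float]) -> float:
    """Centroid of the clipped, max-aggregated output sets, sampled at integer risk values."""
    num = den = 0.0
    for r in range(101):
        agg = max(min(strength[t], mf(r)) for t, mf in RISK_TERMS.items())
        num += r * agg
        den += agg
    return num / den if den else 0.0


def score(obs: Dict[str, float]) -> float:
    return defuzzify(infer(obs))


def verdict(risk: float) -> str:
    # Decision thresholds on the crisp score; chosen for this illustration only.
    if risk >= 65:
        return "malicious"
    if risk >= 30:
        return "suspicious"
    return "benign"


# Constructed sample observations (not real telemetry).
SAMPLES = {
    "trojan_like": {"autorun_writes": 4, "outbound_hosts": 25, "injections": 3},
    "ambiguous":   {"autorun_writes": 2, "outbound_hosts": 3, "injections": 0},
    "benign":      {"autorun_writes": 0, "outbound_hosts": 1, "injections": 0},
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        s = score(obs)
        print(f"{name:12s} risk={s:5.1f} verdict={verdict(s)}")
```

The "ambiguous" sample is the case the abstract's argument is about: two autorun writes and three remote hosts partially match both the "low" and "high" terms, so the medium and low rules each fire at about one third, and the centroid lands between the two clear-cut samples instead of being forced to a hard yes or no by a single crisp threshold.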
[Degree-granting institution]: Henan University of Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Record number: 1572514
Record link: http://sikaile.net/guanlilunwen/ydhl/1572514.html