本文選題：入侵檢測　切入點：數(shù)據(jù)挖掘　出處：《重慶大學》2014年碩士論文　論文類型：學位論文

【摘要】：伴隨著計算機應用在全球各個領域的普及，網(wǎng)絡通信正以其獨特的方式快速地改變著人們的學習、工作和日常生活。面對飛速發(fā)展的網(wǎng)絡技術，必須認識到：一方面，網(wǎng)絡技術具有廣闊的發(fā)展前景；另一方面，各種網(wǎng)絡攻擊與破壞日趨嚴重，，已經(jīng)嚴重威脅著網(wǎng)絡通信的正常運行。網(wǎng)絡安全問題已經(jīng)成為當今世界全球范圍內的重要議題之一，如何高效地檢測網(wǎng)絡數(shù)據(jù)識別非法行為，對于維持系統(tǒng)和網(wǎng)絡資源的安全性而言尤為重要。傳統(tǒng)靜態(tài)安全防御技術（例如：防火墻技術、數(shù)據(jù)加密技術等）能夠解決系統(tǒng)安全方面的部分問題，但是對復雜多變、日新月異的網(wǎng)絡攻擊手段缺乏檢測的主動性。因此，摒棄被動激發(fā)，能夠主動檢測的入侵檢測技術應運而生。作為一種新型安全保障技術，入侵檢測技術在入侵攻擊行為危害到系統(tǒng)/網(wǎng)絡的信息資源安全之前采取積極防御措施。因此，入侵檢測系統(tǒng)已經(jīng)成為網(wǎng)絡信息安全方面的重要研究領域之一。 但系統(tǒng)和網(wǎng)絡數(shù)據(jù)的海量性和未知性是入侵檢測進一步發(fā)展的一大挑戰(zhàn)。能夠從海量數(shù)據(jù)中提取有效信息的數(shù)據(jù)挖掘技術有效地解決了這一難題。其中，數(shù)據(jù)挖掘技術中的聚類分析方法的引入，增強了入侵檢測系統(tǒng)在未標記數(shù)據(jù)集上建立檢測模型從而發(fā)現(xiàn)異常數(shù)據(jù)的能力，對于提高檢測系統(tǒng)的性能有重大的研究意義。本文以數(shù)據(jù)挖掘技術在入侵檢測系統(tǒng)中的應用為相關理論基礎，以聚類分析在入侵檢測中的應用為核心，提出針對K-means聚類算法的改進算法。具體工作如下： 首先，將數(shù)據(jù)獨立程度概念引入實驗數(shù)據(jù)子集構造理論中，利用獨立程度評價屬性的重要性，精簡數(shù)據(jù)維數(shù)。然后，從傳統(tǒng)K-means聚類算法出發(fā)，提出基于點密度的初始聚類方式，將數(shù)據(jù)集合并為若干初始類，結合最小支撐樹聚類算法與傳統(tǒng)K-means聚類算法實現(xiàn)分裂，從而克服了傳統(tǒng)K-means聚類算法聚類初始中心選擇難和K值確定的問題。最后，使用KDD Cup99數(shù)據(jù)集對改進算法在入侵檢測中的應用進行仿真實驗，結果表明：改進算法在檢測率和誤報率方面均優(yōu)于傳統(tǒng)K-means算法，有效地提高了入侵檢測的檢測性能。
[Abstract]:With the popularity of computer application in all fields of the world, network communication is changing people's study, work and daily life in its unique way. In the face of the rapid development of network technology, we must realize: on the one hand, Network technology has a broad prospect of development; on the other hand, all kinds of network attacks and destruction are becoming more and more serious, which has seriously threatened the normal operation of network communications. Network security has become one of the most important issues in the world today. How to detect network data efficiently to identify illegal behavior is particularly important for maintaining the security of systems and network resources. Data encryption technology can solve some problems in system security, but lack of initiative to detect complex and changing network attack methods. As a new type of security technology, intrusion detection technology takes active defense measures before intrusion attack endangers the security of information resources of system / network. Intrusion detection system (IDS) has become one of the most important research fields in network information security. However, the magnanimity and uncertainty of system and network data is a great challenge for the further development of intrusion detection. The data mining technology, which can extract effective information from massive data, effectively solves this problem. The introduction of clustering analysis method in data mining technology enhances the ability of intrusion detection system to establish detection model on unmarked data set to find abnormal data. This paper takes the application of data mining technology in intrusion detection system as the theoretical basis and the application of clustering analysis in intrusion detection system as the core. An improved K-means clustering algorithm is proposed. The specific work is as follows:. Firstly, the concept of data independence is introduced into the theory of experimental data subset construction, and the importance of attribute evaluation is used to simplify the data dimension. Then, based on the traditional K-means clustering algorithm, An initial clustering method based on point density is proposed. The data set is merged into some initial classes and split between the minimum support tree clustering algorithm and the traditional K-means clustering algorithm. In order to overcome the traditional K-means clustering algorithm clustering initial center selection and K value determination problems. Finally, using KDD Cup99 dataset to improve the application of the algorithm in intrusion detection simulation experiment, The results show that the improved algorithm is superior to the traditional K-means algorithm in detection rate and false positive rate, and improves the detection performance of intrusion detection effectively.
【學位授予單位】：重慶大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08;TP311.13

【引證文獻】

相關碩士學位論文 前2條

1 王衛(wèi)安;基于BP神經(jīng)網(wǎng)絡和聚類分析的入侵檢測研究[D];河北師范大學;2015年

2 童紅艷;網(wǎng)絡入侵數(shù)據(jù)聚類分析研究[D];深圳大學;2015年

本文編號：1573976