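Research and Implementation of an Intrusion Detection System Based on Data Mining
Published: 2018-03-11 15:45
Topic: intrusion detection system; Focus: data mining; Source: Zhejiang University of Technology, 2014 master's thesis; Document type: degree thesis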
[Abstract]: With the rapid development of society, the Internet has become an indispensable part of daily life, and the network security problems that come with it are receiving growing attention. Intrusion detection, as an active defense technology, is an important component of network security and an important research area for the Internet.

To address the inability of traditional intrusion detection systems to recognize unknown attacks, this thesis proposes building the intrusion detection model by combining the Support Vector Machine (SVM) with classifier ensemble techniques, applying data mining to the construction of the intrusion detection system. For feature extraction from network data, it proposes a payload-based feature extraction scheme, and then uses the approach above to build classifiers for classification, which raises the detection rate and lowers the false positive rate.

The main work of the thesis is as follows:

1) A feature extraction method for malicious packet payload sets is proposed. The thesis applies data mining to intrusion detection; for data mining, and especially for the classification techniques used here, the choice of data features has a decisive influence on the final classification result. The thesis therefore extracts effective features from network data. Experiments show that this feature set detects malicious network packet payloads, malicious code and similar content with good efficiency.

2) Classifier construction. The classifier directly determines classification quality and directly affects the performance of the detection system. Drawing on classifier ensemble techniques and using the support vector machine as the main classification technique, the thesis proposes an effective method for constructing an ensemble classifier. Experiments show that, relative to the classical Bagging and Boosting algorithms, the method has good accuracy, false positive rate and generalization performance.

3) Design and implementation of the intrusion detection system. Integrating the feature extraction and classifier construction schemes above, the thesis designs and implements an intrusion detection system that captures, analyzes, detects and classifies network data and raises alerts.
[Degree-granting institution]: Zhejiang University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08;TP311.13
Article ID: 1598834
Article link: http://sikaile.net/guanlilunwen/ydhl/1598834.html