本文選題：網(wǎng)絡(luò)異常檢測　切入點：樸素貝葉斯　出處：《山東師范大學(xué)》2016年碩士論文　論文類型：學(xué)位論文

【摘要】：自20世紀(jì)70年代計算機(jī)網(wǎng)絡(luò)技術(shù)出現(xiàn)以來,直到目前網(wǎng)絡(luò)技術(shù)已經(jīng)深入到生活的方方面面,計算機(jī)網(wǎng)絡(luò)已經(jīng)成為生活中必不可少的組成部分。然而在享受網(wǎng)絡(luò)帶來便利的同時,網(wǎng)絡(luò)上層出不窮的網(wǎng)絡(luò)病毒、木馬、黑客、網(wǎng)絡(luò)犯罪等事件也給網(wǎng)絡(luò)安全帶來極大的威脅,尤其是當(dāng)今生活中網(wǎng)絡(luò)世界與現(xiàn)實世界不斷融合,諸如電子交易、網(wǎng)上支付等行為從一定程度上增加了網(wǎng)絡(luò)安全的重要性,因此越來越多承載此類業(yè)務(wù)的網(wǎng)絡(luò)便成為了攻擊的重點。根據(jù)2016年的CNCERT互聯(lián)網(wǎng)安全威脅報告顯示,網(wǎng)絡(luò)安全事件發(fā)生次數(shù)每年都在增長,攻擊方式趨于多樣化,給廣大網(wǎng)民的生活造成了重大的損失。為減少網(wǎng)絡(luò)攻擊帶來的重大損失我們有必要開發(fā)相關(guān)系統(tǒng)和產(chǎn)品來維護(hù)網(wǎng)絡(luò)安全,打擊網(wǎng)絡(luò)犯罪。針對網(wǎng)絡(luò)犯罪事件的不斷發(fā)生,首先要做到是防患于未然,而網(wǎng)絡(luò)異常檢測是預(yù)防網(wǎng)絡(luò)攻擊的常用方法,該方法是在網(wǎng)絡(luò)攻擊造成重大危害前有效地檢測到攻擊行為以便做好相關(guān)預(yù)防措施。本文結(jié)合改進(jìn)的樸素貝葉斯理論以及WinPcap技術(shù)、C/S技術(shù)架構(gòu)、SQL Server 2008數(shù)據(jù)庫技術(shù)、Visual Studio 2010開發(fā)平臺,使用C#語言開發(fā)了一種基于加權(quán)樸素貝葉斯的網(wǎng)絡(luò)異常檢測系統(tǒng)。本文主要工作包括以下幾點:(1)在查閱大量國內(nèi)外相關(guān)參考文獻(xiàn)的基礎(chǔ)上,分析了目前網(wǎng)絡(luò)異常檢測系統(tǒng)的背景及發(fā)展現(xiàn)狀,深入研究了網(wǎng)絡(luò)異常檢測的相關(guān)技術(shù)和理論依據(jù),明確了系統(tǒng)的設(shè)計目標(biāo)。依據(jù)系統(tǒng)設(shè)計目標(biāo)進(jìn)行了需求分析,包括功能性需求和非功能性需求。(2)提出一種改進(jìn)的加權(quán)樸素貝葉斯算法用于網(wǎng)絡(luò)異常檢測,并應(yīng)用于網(wǎng)絡(luò)異常檢測系統(tǒng)。論文首先對系統(tǒng)進(jìn)行了概要設(shè)計,包括系統(tǒng)的技術(shù)架構(gòu)和功能架構(gòu),然后確定了系統(tǒng)的功能模塊,包括數(shù)據(jù)采集模塊、數(shù)據(jù)存儲模塊和數(shù)據(jù)分析模塊,并確定了每個模塊的技術(shù)要求和模塊間的工作流程。(3)系統(tǒng)采用C/S架構(gòu),編程實現(xiàn)基于加權(quán)樸素貝葉斯的網(wǎng)絡(luò)異常檢測系統(tǒng)。在實驗室局域網(wǎng)環(huán)境下,通過模擬常見網(wǎng)絡(luò)攻擊對目標(biāo)主機(jī)進(jìn)行模擬攻擊,對系統(tǒng)進(jìn)行測試。測試結(jié)果顯示,本系統(tǒng)能夠較準(zhǔn)確檢測出常見的網(wǎng)絡(luò)攻擊,具有較高的檢測準(zhǔn)確率和檢測速度。
[Abstract]:Since the advent of computer network technology in 1970s, until now, network technology has penetrated into all aspects of life, computer network has become an essential part of life. However, while enjoying the convenience of the network, The endless network viruses, Trojans, hackers, cyber crimes and other events on the network also pose a great threat to the network security, especially in today's life, the network world and the real world continue to merge, such as electronic transactions. Online payment and other activities have increased the importance of network security to some extent, so more and more networks carrying such services have become the focus of attacks. According to the CNCERT Internet Security threat report of 2016, The number of cyber security incidents is increasing every year, and the attacks tend to be diversified. It has caused great losses to the lives of the majority of Internet users. In order to reduce the heavy losses caused by cyber attacks, it is necessary to develop relevant systems and products to maintain network security and crack down on cybercrime. In view of the continuous occurrence of cyber crimes, The first thing to do is to prevent trouble in the first place, and network anomaly detection is a common method to prevent network attacks. This method is to detect the attack behavior effectively before the network attack causes serious harm in order to do a good job of preventive measures. This paper combines the improved naive Bayes theory and the WinPcap technology to construct the SQL Server 2008 database technology and the Visual Studio 2010 development platform, which is based on the improved naive Bayes theory and the C / S technology. A network anomaly detection system based on weighted naive Bayes is developed by using C # language. This paper analyzes the background and development of the network anomaly detection system, deeply studies the related technology and theoretical basis of the network anomaly detection, defines the design goal of the system, and analyzes the requirements according to the system design goal. This paper presents an improved weighted naive Bayes algorithm for network anomaly detection, and applies it to the network anomaly detection system. It includes the technical framework and functional architecture of the system, and then determines the functional modules of the system, including the data acquisition module, the data storage module and the data analysis module. The technical requirements of each module and the working flow between modules are determined. The system adopts C / S architecture and is programmed to realize the network anomaly detection system based on weighted naive Bayes. The system is tested by simulating the common network attacks on the target host. The test results show that the system can detect the common network attacks accurately and has a high detection accuracy and detection speed.
【學(xué)位授予單位】：山東師范大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2016
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 王輝;陳泓予;劉淑芬;;基于改進(jìn)樸素貝葉斯算法的入侵檢測系統(tǒng)[J];計算機(jī)科學(xué);2014年04期

2 董倩;范亞斌;;論軟件工程中軟件測試的重要性[J];煤炭技術(shù);2013年06期

3 賈嫻;劉培玉;公偉;;基于改進(jìn)屬性加權(quán)的樸素貝葉斯入侵取證研究[J];計算機(jī)工程與應(yīng)用;2013年07期

4 錢葉魁;陳鳴;葉立新;劉鳳榮;朱少衛(wèi);張晗;;基于多尺度主成分分析的全網(wǎng)絡(luò)異常檢測方法[J];軟件學(xué)報;2012年02期

5 佟海;;基于C/S體系結(jié)構(gòu)的軟件測試方法[J];今日科苑;2010年22期

6 沙澍之;汪軍華;;WinpCap實現(xiàn)UDP網(wǎng)絡(luò)數(shù)據(jù)包的分析與設(shè)計[J];雷達(dá)與對抗;2010年01期

7 張仁良;;軟件架構(gòu)中的非功能需求[J];微型電腦應(yīng)用;2009年01期

8 張偉;王韜;潘艷輝;郝震華;;基于WinPcap的數(shù)據(jù)包捕獲及應(yīng)用[J];計算機(jī)工程與設(shè)計;2008年07期

9 王嫻;劉輝;倪遠(yuǎn)平;;B/S與C/S體系結(jié)構(gòu)的應(yīng)用研究[J];信息技術(shù);2006年06期

10 康曉東,裴昌幸;基于WinPcap庫的網(wǎng)絡(luò)封包嗅探器實現(xiàn)[J];電子科技;2005年02期

，

本文編號：1625894