Research on Improving the Snort System with Outlier Mining
Topic: intrusion detection + Snort. Source: Hebei University of Science and Technology, master's thesis, 2014
[Abstract]: Intrusion detection divides into misuse detection and anomaly detection. Snort, the typical misuse-based network intrusion detection system, detects attacks by signature matching; it is open source and built around a plug-in mechanism. The signatures Snort matches are low-level byte patterns in network packets, so this way of describing an intrusion is complex and hard to understand. The attribute set of the KDD99 intrusion detection data set abstracts and summarizes the characteristics of the various attack classes well; detecting intrusions on the KDD99 attribute set is more understandable, more concise and more efficient, and detects the various intrusion types more accurately. This study classifies and analyzes intrusions and their characteristic attributes, computes the information gain of every attribute in the attribute set, sorts the attributes by information gain in descending order, and uses the subset with the largest information gain for detection in the improved Snort system. Snort has the high detection efficiency of a misuse detection system, but also its weakness: it cannot detect unknown intrusion types. This study designs a simple deviation-based outlier detection method and applies it in Snort, so that the improved Snort system can detect intrusion types for which no signature has been defined. On the basis of Snort's detection flow, a new intrusion detection flow is designed that divides the work into an offline part and an online part: Snort's signature matching serves as the online detection stage and the designed outlier detection method serves as the offline detection stage, which strengthens detection without lowering Snort's detection efficiency. Finally, experiments verify that the designed deviation-based outlier detection method, applied in an intrusion detection system, effectively detects intrusion types with no defined signature, and that it can be applied to the improvement of Snort to enhance Snort's detection results.
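The two techniques the abstract describes, attribute selection by information gain over KDD99-style records and a simple deviation-based outlier check on the selected attributes placed behind a signature stage, as an added Python example. This is not the thesis's code: the records are constructed in the style of KDD99 connection records with only five of its attributes, the single "signature" is a stand-in for Snort's online rule matching, and the deviation measure (per-attribute standardized distance from a baseline of normal connections, with an unseen categorical value counted as maximal deviation) and the equal-width binning of numeric attributes are this example's assumptions, since the abstract does not give the thesis's exact dissimilarity function.

```python
"""Information-gain attribute ranking plus a deviation-based outlier stage,
illustrating the improved detection flow described in the abstract.
Added example; data and the deviation measure are assumptions, not the thesis's."""
from collections import Counter, defaultdict
from math import log2
from statistics import mean, pstdev

# Constructed sample in the style of KDD99 connection records (assumption: five
# attributes instead of the full 41). The last field is the class label.
FIELDS = ("protocol_type", "service", "flag", "count", "serror_rate", "label")
RECORDS = [
    ("tcp", "http", "SF", 2, 0.0, "normal"),
    ("tcp", "http", "SF", 3, 0.0, "normal"),
    ("udp", "domain", "SF", 1, 0.0, "normal"),
    ("tcp", "smtp", "SF", 2, 0.0, "normal"),
    ("tcp", "http", "SF", 4, 0.0, "normal"),
    ("udp", "ntp", "SF", 1, 0.0, "normal"),
    ("tcp", "private", "S0", 200, 1.0, "neptune"),   # SYN flood, no rule below
    ("tcp", "private", "S0", 180, 1.0, "neptune"),
    ("tcp", "private", "REJ", 150, 0.9, "neptune"),
    ("icmp", "ecr_i", "SF", 500, 0.0, "smurf"),      # ICMP flood, covered by a rule
    ("icmp", "ecr_i", "SF", 480, 0.0, "smurf"),
]

# Stand-in for Snort's online signature stage (assumption: one rule). Neptune
# records deliberately match nothing, so they play "attacks with no signature".
SIGNATURES = {"smurf-like": lambda r: r[0] == "icmp" and r[1] == "ecr_i"}


def entropy(labels):
    """Shannon entropy H of a label multiset, in bits."""
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())


def discretize(column, bins=4):
    """Equal-width binning for numeric attributes; categorical values pass through."""
    if not all(isinstance(v, (int, float)) for v in column):
        return list(column)
    lo, hi = min(column), max(column)
    width = (hi - lo) / bins or 1.0
    return [min(int((v - lo) / width), bins - 1) for v in column]


def information_gain(records, attr_idx, label_idx=-1):
    """IG(attr) = H(label) - sum_v p(v) * H(label | attr = v)."""
    labels = [r[label_idx] for r in records]
    groups = defaultdict(list)
    for v, y in zip(discretize([r[attr_idx] for r in records]), labels):
        groups[v].append(y)
    n = len(records)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    return entropy(labels) - conditional


def rank_attributes(records, fields):
    """Attributes sorted by information gain, largest first."""
    gains = {f: information_gain(records, i) for i, f in enumerate(fields[:-1])}
    return sorted(gains.items(), key=lambda kv: kv[1], reverse=True)


def select_top(records, fields, k):
    return [f for f, _ in rank_attributes(records, fields)[:k]]


class DeviationDetector:
    """Deviation from a baseline of normal connections on the selected attributes.
    Numeric: |x - mean| / stdev of the baseline. Categorical: a value never seen
    in the baseline counts as exceeding the threshold (assumption)."""

    def __init__(self, baseline, fields, attrs, threshold=3.0):
        self.idx = {f: fields.index(f) for f in attrs}
        self.threshold = threshold
        self.profile = {}
        for f, i in self.idx.items():
            col = [r[i] for r in baseline]
            if all(isinstance(v, (int, float)) for v in col):
                self.profile[f] = ("numeric", mean(col), pstdev(col) or 1.0)
            else:
                self.profile[f] = ("categorical", set(col), None)

    def score(self, record):
        worst = 0.0
        for f, i in self.idx.items():
            kind, a, b = self.profile[f]
            v = record[i]
            dev = abs(v - a) / b if kind == "numeric" else (0.0 if v in a else self.threshold)
            worst = max(worst, dev)
        return worst

    def is_outlier(self, record):
        return self.score(record) >= self.threshold


def classify(records, fields, k=3, threshold=3.0):
    """Online signature stage first; records with no rule hit go to the offline
    outlier stage, which is fit on the labelled-normal baseline."""
    baseline = [r for r in records if r[-1] == "normal"]
    detector = DeviationDetector(baseline, fields, select_top(records, fields, k), threshold)
    verdicts = {}
    for i, r in enumerate(records):
        hit = next((name for name, match in SIGNATURES.items() if match(r)), None)
        verdicts[i] = "signature:" + hit if hit else ("outlier" if detector.is_outlier(r) else "normal")
    return verdicts


if __name__ == "__main__":
    for attr, gain in rank_attributes(RECORDS, FIELDS):
        print(f"{attr:14s} IG={gain:.3f}")
    for i, v in classify(RECORDS, FIELDS).items():
        print(i, RECORDS[i][-1], "->", v)
```

On this sample `service` and `count` rank first because each separates the three classes completely, `flag` and `serror_rate` follow, and `protocol_type` is last; `classify` labels the six normal connections as normal, the two ICMP floods as signature hits, and the three SYN-flood records, which match no rule, as outliers. In the offline/online split the abstract describes, the detector would be fit on connections Snort did not alert on and run over a later batch, and the KDD99 attributes have to be derived from reassembled connections first, since Snort's online stage sees packets rather than connection statistics.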
[Degree-granting institution]: Hebei University of Science and Technology
[Degree level]: Master
[Year awarded]: 2014
[Classification number]: TP393.08; TP311.13
Article number: 1750863
Link: http://sikaile.net/guanlilunwen/ydhl/1750863.html