本文選題：入侵檢測 + 聚類分析��； 參考：《深圳大學》2015年碩士論文

【摘要】：近年網(wǎng)絡技術飛速發(fā)展,網(wǎng)絡安全問題也變得愈發(fā)突出,為了更好的應對安全問題很多學者對入侵檢測技術進行研究,以期入侵檢測系統(tǒng)能進一步的保障我們所處網(wǎng)絡的安全。入侵檢測系統(tǒng)的核心部分在于入侵分析模塊,目前對于入侵分析模塊所采用的分析技術的研究可謂“百花齊放”,入侵分析可直觀的看成是一個數(shù)據(jù)挖掘的過程,而聚類分析技術可以對海量的網(wǎng)絡數(shù)據(jù)進行知識挖掘,能較好的應用于入侵行為的識別分析中,現(xiàn)在也已經(jīng)被廣泛的應用在入侵檢測系統(tǒng)中。本文中將具體的聚類分析方法與入侵檢測相結合,對經(jīng)典的K-means、Fuzzy ART、Kohonen聚類算法進行深入研究,分析這三種算法的特點和不足,針對這幾個算法存在的問題提出了兩種較優(yōu)的改進算法,并將改進算法用于網(wǎng)絡入侵數(shù)據(jù)的檢測中,最后實驗仿真比較改進算法用于入侵檢測的效果。論文主要工作內(nèi)容有如下幾點:(1)從KDD CUP99數(shù)據(jù)集中提取實驗數(shù)據(jù)。KDD CUP99數(shù)據(jù)集是用于入侵分析的標準數(shù)據(jù)集,很多學者對于入侵檢測的研究都是基于該數(shù)據(jù)集,本文所使用的其中一組實驗數(shù)據(jù)來源于該數(shù)據(jù)集,本文深入地研究了KDD CUP99數(shù)據(jù)集并通過主成分分析法從中提取降了維的入侵數(shù)據(jù),得到的降維數(shù)據(jù)仍保留了原始數(shù)據(jù)的主要信息。(2)提出基于Fuzzy ART的改進K-means算法。利用Fuzzy ART聚類過程中能自動生成新節(jié)點的特性,對原始數(shù)據(jù)進行初步的聚類,為K-means提供符合數(shù)據(jù)分布的類中心和類個數(shù)K。(3)改進Kohonen網(wǎng)絡學習的權值調(diào)整方式。在傳統(tǒng)Kohonen網(wǎng)絡的學習過程中引入隸屬度,基于隸屬度的方式進行獲勝領域神經(jīng)元學習,改進的學習方式使得神經(jīng)元的學習更能反映樣本的特性。(4)實驗分析。用傳統(tǒng)Fuzzy ART、K-means及改進的FART K-means算法在兩組不同的標準網(wǎng)絡入侵數(shù)據(jù)集上進行對比實驗,結果表明改進的FART K-means算法在檢測準確率和聚類速度上都有一定程度的提高。同樣,使用傳統(tǒng)Kohonen和改進的I-Kohonen算法進行仿真對比實驗,結果表明改進的I-Kohonen算法對入侵數(shù)據(jù)的檢測能在保持運行速度的情況下提高檢測率。本文提出的兩種改進算法應用在入侵數(shù)據(jù)聚類分析中都取得了較滿意的結果,能較好的完成對入侵數(shù)據(jù)的檢測。整個論文的創(chuàng)新點主要有兩點:(1)改進了K-means算法的K值選取方法和中心選擇方法;(2)優(yōu)化了Kohonen網(wǎng)絡的權值學習方式。
[Abstract]:In recent years, with the rapid development of network technology, network security issues have become more and more prominent. In order to better deal with security problems, many scholars study intrusion detection technology in order to further ensure the security of our network. The core part of the intrusion detection system is the intrusion analysis module. At present, the research on the analysis technology used in the intrusion analysis module can be described as "a hundred flowers blossom", and the intrusion analysis can be viewed as a process of data mining. Clustering analysis technology can be used for knowledge mining of massive network data, and can be applied to intrusion identification and analysis. Now it has been widely used in intrusion detection system. In this paper, the classical K-means-fuzzy ARTN Kohonen clustering algorithm is deeply studied by combining the specific clustering analysis method with the intrusion detection method, and the characteristics and shortcomings of the three algorithms are analyzed. Aiming at the problems of these algorithms, two improved algorithms are put forward, and the improved algorithms are applied to the detection of network intrusion data. Finally, the effect of the improved algorithm in intrusion detection is compared by simulation. The main work of this paper is as follows: 1) extracting experimental data from KDD CUP99 dataset. KDD CUP99 dataset is a standard data set for intrusion analysis. One of the experimental data used in this paper is derived from the data set. In this paper, the KDD CUP99 data set is deeply studied and the dimensionally reduced intrusion data is extracted by principal component analysis (PCA). The obtained dimensionality reduction data still retains the main information of the original data. (2) an improved K-means algorithm based on Fuzzy ART is proposed. Taking advantage of the feature that new nodes can be generated automatically in the process of Fuzzy ART clustering, the primary clustering of raw data is carried out, which provides K-means with a class center that accords with data distribution and the number of classes K. ~ (3) and improves the weight adjustment method of Kohonen network learning. Membership degree is introduced into the learning process of traditional Kohonen network, and neuron learning in winning domain is carried out based on membership degree. The improved learning method makes neuron learning more reflective of the characteristics of the sample. The traditional Fuzzy ART K-means and the improved FART K-means algorithm are compared on two sets of standard network intrusion data sets. The results show that the improved FART K-means algorithm can improve the detection accuracy and clustering speed to a certain extent. In the same way, the traditional Kohonen algorithm and the improved I-Kohonen algorithm are used to carry out the simulation and contrast experiments. The results show that the improved I-Kohonen algorithm can improve the detection rate of intrusion data under the condition of keeping the running speed. The two improved algorithms proposed in this paper have been applied to the clustering analysis of intrusion data with satisfactory results, and the intrusion data can be detected well. The main innovations of the whole paper are two points: 1) improving the K-means algorithm's K-value selection method and the center selection method / 2) optimizing the weight learning method of Kohonen network.
【學位授予單位】：深圳大學
【學位級別】：碩士
【學位授予年份】：2015
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前10條

1 紀祥敏;寧正元;林大輝;;誤用檢測技術研究[J];福建電腦;2006年02期

2 薛京花;劉震宇;崔適時;;對K-means算法初始聚類中心選取的優(yōu)化[J];電子世界;2012年05期

3 蔣少華;胡華平;;入侵檢測系統(tǒng)的評估指標體系[J];計算機應用研究;2006年11期

4 羅利民;周震;;基于IPV6的網(wǎng)絡安全入侵檢測技術研究[J];科技通報;2012年04期

5 徐守坤;王薇;樂光學;;IWO-Kohonen聚類算法在IDS中的應用[J];計算機工程;2014年01期

6 陳穎悅;;一種基于聚類算法的網(wǎng)絡入侵檢測應用[J];廈門理工學院學報;2014年01期

7 段海新,吳建平;一種分布式協(xié)同入侵檢測系統(tǒng)的設計與實現(xiàn)[J];軟件學報;2001年09期

8 張新有;曾華q，

本文編號：1815645