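Masquerade Intrusion Detection System Based on Multiple Behaviors
Published: 2018-05-02 16:37
Topic of this thesis: masquerade intrusion detection + user behavior modeling; Reference: Shanghai Jiao Tong University, master's thesis, 2014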
[Abstract]: Masquerade intrusion refers to an attacker posing as a legitimate user to enter an information system and access critical system data or perform illegal operations. Masquerade intrusions can generally be divided into physical masquerade intrusion and remote masquerade intrusion. In recent years, masquerade intrusion detection, as an important branch of intrusion detection, has attracted wide attention from academia and industry, and several researchers have implemented fairly feasible masquerade intrusion detection systems. Nevertheless, the design and implementation of existing systems still have the following problems: the learned features are limited to a single type, user network behavior is ignored, and privacy protection is lacking. To solve these problems, this thesis proposes a novel model based on multiple user behaviors and, on this model, designs and implements two masquerade intrusion detection systems suited to different scenarios.

The thesis first proposes a comprehensive user behavior model that combines a user's host-based and network-based behaviors. For network behavior, it proposes a novel network flow model. Experimental results show that the model is highly representative.

For physical masquerade intrusion, the thesis proposes a detection system based on the above comprehensive behavior model and the AdaBoost-SVM algorithm. For remote masquerade intrusion, it uses fully homomorphic encryption and fuzzy hashing to implement a detection system with privacy protection.

In addition, both systems are tested. The results show that the two systems suit different scenarios: System 1 has higher accuracy and suits a corporate LAN scenario; System 2 offers privacy protection and suits deployment on Internet websites. The security and feasibility of both systems are verified.

The multiple-behavior-based masquerade intrusion detection system described in this thesis solves some existing problems, achieves high availability and accuracy, obtains good results in tests on real user data, and provides strong technical support for large-scale deployment of masquerade intrusion detection systems.
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1834675
Article link: http://sikaile.net/guanlilunwen/ydhl/1834675.html