Research on Anomaly Classification of Imbalanced Data in Network Security Situation Awareness
Published: 2018-05-03 14:23
Topics: security situation awareness; imbalanced data. Source: Tianjin University of Technology, 2014 master's thesis
【Abstract】: Network security has become a very serious problem. Detecting network attacks effectively and in time, and preventing them, is of great importance, and existing network security techniques can no longer meet the needs of network management. Network security situation awareness based on fusion techniques is bound to become the direction in which network management develops. Network security situation awareness applies data fusion methods: it fuses the alert information produced by different security detection tools to analyse the current security state of the network, and from the current state predicts the attacks the network will face next. Anomaly classification of imbalanced network data, the most important link in network security situation awareness, supplies the security situation with essential security information and decisions. The techniques it draws on include data mining, fusion and visualisation. This thesis mainly applies data mining techniques to study anomaly classification of imbalanced data within network security situation awareness as a whole; the data are network traffic statistics aggregated by time and by host, and achieving efficient and accurate anomaly classification of imbalanced network data is a severe challenge facing network security. To address this problem, the thesis does the following work, tailored to the characteristics of network data: (1) By analysing traditional anomaly classification models for network data and combining them with the characteristics of the data, two problems of the anomaly classification system are addressed in the data preprocessing stage. The first is attribute redundancy and attribute weighting: rough set theory is used to assign a weight to each attribute and to perform attribute reduction. The second is the discretisation of continuous data required by rough set theory: an adaptive discretisation algorithm tailored to the data is proposed, which determines the discretisation intervals from the distribution of the attribute values. Experiments show that, compared with other algorithms, this algorithm improves the accuracy of anomaly classification, reduces the number of cut points and the number of remaining condition attributes, lowers the dimensionality of the data, and improves the efficiency of anomaly classification. (2) In the anomaly classification stage, the thesis proposes solutions for the classification of new anomalies and for imbalanced data. As time passes and technology advances, new anomaly classes keep appearing in the network; to handle this, an anomaly model that is updated in real time is proposed to classify new anomalies. The other problem is that specific anomalous behaviour in the network is rare relative to normal behaviour, so the data distribution is imbalanced and the efficiency of classifying specific network anomalies is low. For this problem the thesis proposes first using a one-class (single-class) classifier to separate normal data from anomalous data, and only when the few anomalous records appear applying a fast nearest-neighbour classifier to classify them; in this way the one-class classifier is doing the work most of the time, which greatly reduces the workload and improves efficiency. (3) Based on the methods above, simulation experiments of the algorithms are carried out on the classic KDD99 data set and compared with other corresponding algorithms. The experimental results demonstrate the efficiency and accuracy of the proposed algorithms.
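The two-stage scheme of point (2) above, as an added example that is not part of the thesis or of this page: a one-class model fitted only on normal records decides normal versus anomalous, and only the few records it flags are handed to a nearest-neighbour classifier over the small labelled anomaly set, which also reports a record far from every known anomaly as a new class so the anomaly set can be updated in real time. Everything concrete here is an assumption of the example, not the thesis's design: the feature layout of the constructed per-host traffic statistics, the standardized-distance one-class model, the `margin` and `novelty_factor` multiples, and the class names.

```python
"""Two-stage anomaly classification for imbalanced per-host traffic statistics.

Stage 1: a one-class model fitted only on normal records (standardized
Euclidean distance from the normal centroid, thresholded on the training
data) decides normal vs. anomalous.  Stage 2 runs only for the few records
flagged in stage 1: a k-nearest-neighbour classifier over the small labelled
anomaly set assigns the specific anomaly class, and a record that is far
from every known anomaly prototype is reported as a new class.  Thresholds
are simple multiples chosen for this illustration (assumption, not the
thesis's parameters).
"""
import math

# Constructed per-host, per-time-window statistics (our own feature layout,
# not the thesis's): (flows/s, mean bytes per flow, distinct dst ports, SYN-only ratio)
NORMAL_TRAIN = [
    (12.0, 1800.0, 3, 0.10), (15.0, 1650.0, 4, 0.12), (9.0, 2100.0, 2, 0.08),
    (14.0, 1750.0, 3, 0.11), (11.0, 1900.0, 3, 0.09), (13.0, 1700.0, 4, 0.10),
    (10.0, 2000.0, 2, 0.09), (16.0, 1600.0, 5, 0.13),
]
# The minority classes: only a handful of labelled anomaly records exist.
ANOMALY_TRAIN = [
    ((950.0, 60.0, 2, 0.98), "syn_flood"), ((880.0, 70.0, 3, 0.97), "syn_flood"),
    ((1020.0, 58.0, 2, 0.99), "syn_flood"),
    ((40.0, 120.0, 400, 0.95), "port_scan"), ((38.0, 110.0, 420, 0.94), "port_scan"),
    ((45.0, 130.0, 380, 0.96), "port_scan"),
]


class TwoStageClassifier:
    def __init__(self, normal, anomalies, k=3, margin=1.5, novelty_factor=3.0):
        n, dim = len(normal), len(normal[0])
        # Per-feature mean and (population) std of the normal data define the
        # standardized space used by both stages.
        self.mean = [sum(r[i] for r in normal) / n for i in range(dim)]
        self.std = [max(math.sqrt(sum((r[i] - self.mean[i]) ** 2 for r in normal) / n), 1e-9)
                    for i in range(dim)]
        # Stage-1 boundary: margin x the largest distance seen on normal training data.
        self.radius = margin * max(self._dist(r, self.mean) for r in normal)
        self.k = k
        self.novelty_factor = novelty_factor
        self.anomalies = []
        for x, label in anomalies:
            self.add_anomaly(x, label)

    def _dist(self, a, b):
        return math.sqrt(sum(((a[i] - b[i]) / self.std[i]) ** 2 for i in range(len(a))))

    def _max_intra_class_nn(self):
        # Largest nearest-neighbour distance within any anomaly class; classes
        # with a single sample contribute nothing.
        worst = 0.0
        for i, (x, label) in enumerate(self.anomalies):
            same = [self._dist(x, y) for j, (y, lab) in enumerate(self.anomalies)
                    if j != i and lab == label]
            if same:
                worst = max(worst, min(same))
        return worst if worst > 0 else self.radius

    def add_anomaly(self, x, label):
        """Real-time model update: a newly confirmed anomaly joins the reference set."""
        self.anomalies.append((tuple(x), label))
        # A record farther than this from every known anomaly is reported as new.
        self.novelty_radius = self.novelty_factor * self._max_intra_class_nn()

    def classify(self, x):
        """Return (label, stage): stage 1 answers 'normal', stage 2 names the anomaly."""
        if self._dist(x, self.mean) <= self.radius:
            return "normal", 1
        ranked = sorted((self._dist(x, y), label) for y, label in self.anomalies)
        # Only neighbours inside the novelty radius get a vote.
        voters = [label for d, label in ranked[: self.k] if d <= self.novelty_radius]
        if not voters:
            return "new_anomaly", 2
        votes = {}
        for label in voters:  # nearest first, so a tie goes to the nearest class
            votes[label] = votes.get(label, 0) + 1
        return max(votes, key=votes.get), 2


if __name__ == "__main__":
    clf = TwoStageClassifier(NORMAL_TRAIN, ANOMALY_TRAIN)
    for rec in [(13.0, 1780.0, 3, 0.10), (900.0, 64.0, 2, 0.97),
                (35.0, 140.0, 380, 0.93), (12.0, 250000.0, 3, 0.10)]:
        print(rec, "->", clf.classify(rec))
    clf.add_anomaly((12.0, 250000.0, 3, 0.10), "exfil")  # analyst confirms the new class
    print((13.0, 240000.0, 3, 0.11), "->", clf.classify((13.0, 240000.0, 3, 0.11)))
```

The stage-2 model is never consulted for records that stage 1 accepts as normal, which is what makes the cascade cheap on heavily imbalanced traffic; the novelty rule is what turns the unseen high-volume record into a "new_anomaly" report instead of forcing it into the nearest existing class, and `add_anomaly` is the real-time update that makes the next similar record classifiable.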
【學(xué)位授予單位】:天津理工大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前4條
1 趙軍;張顯躍;;基于粗集理論的數(shù)據(jù)離散化技術(shù)研究[J];重慶郵電學(xué)院學(xué)報(自然科學(xué)版);2006年06期
2 趙軍,王國胤,吳中福,李華;基于粗集理論的數(shù)據(jù)離散化新算法[J];重慶大學(xué)學(xué)報(自然科學(xué)版);2002年03期
3 陳秀真;鄭慶華;管曉宏;林晨光;;層次化網(wǎng)絡(luò)安全威脅態(tài)勢量化評估方法[J];軟件學(xué)報;2006年04期
4 龔正虎;卓瑩;;網(wǎng)絡(luò)態(tài)勢感知研究[J];軟件學(xué)報;2010年07期
相關(guān)博士學(xué)位論文 前3條
1 王娟;大規(guī)模網(wǎng)絡(luò)安全態(tài)勢感知關(guān)鍵技術(shù)研究[D];電子科技大學(xué);2010年
2 周俊臨;基于數(shù)據(jù)挖掘的分布式異常檢測[D];電子科技大學(xué);2010年
3 努爾布力;基于數(shù)據(jù)挖掘的異常檢測和多步入侵警報關(guān)聯(lián)方法研究[D];吉林大學(xué);2010年
Record ID: 1838858
Link: http://sikaile.net/guanlilunwen/ydhl/1838858.html