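Research on Feature Selection Algorithms and Their Application in Anomaly Detection
Published: 2018-05-04 20:06
Topics: feature selection + intrusion detection; Source: University of Electronic Science and Technology of China, master's thesis, 2014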
[Abstract]: With the progress of society and the rapid development of network information technology, Internet penetration and the number of Internet users rise year by year, and people's daily life and work depend more and more on the network. At the same time, the methods and tools used to attack networks are becoming increasingly diverse and complex, and network security faces severe challenges. Intrusion detection is an important security protection technology: it analyzes collected data to determine whether an intrusion is present in the network and takes corresponding measures. However, as network scale and the number of users keep growing, the volume of data transmitted over the network has shown an "explosive" trend, which leaves the intrusion detection system (IDS) unable to process the large amount of information in time, so that the IDS responds late or even fails. To address this problem, researchers have turned to feature selection, which preprocesses the data the intrusion detection system has to handle, selects the features that are more "important" to the system, and reduces the dimensionality of the data, thereby effectively improving the efficiency of the intrusion detection system. Overall, the main contributions and specific research content of this thesis are as follows: (1) It studies the concepts, models and related theory of intrusion detection; studies the classification of intrusion detection methods and analyzes and compares the advantages and disadvantages of the different methods; proposes an improved TCM-KNN anomaly detection algorithm and applies it to DoS anomaly detection; and summarizes the problems intrusion detection systems currently face. (2) It studies feature selection algorithms of three types (filter, wrapper and hybrid) and analyzes and compares their respective advantages and disadvantages. It focuses on several typical feature selection algorithms, including correlation-based feature selection (CFS), information gain (IG), gain ratio, Relief and chi-square, analyzing their principles and comparing their advantages and disadvantages. (3) Building on this work, it proposes an effective feature selection method based on a Bayesian network classifier. While maintaining a high detection rate and a low false alarm rate, the method selects a feature subset that helps distinguish normal from abnormal traffic and removes features that are irrelevant to classification as well as redundant features, in order to reduce the time and space overhead of anomaly detection and improve detection efficiency. The proposed feature selection method is applied to anomaly detection, its effectiveness is verified on the NSL-KDD standard data set, and the experimental results are compared with the typical feature selection methods from (2). The importance to classification of the feature subsets selected by each method is measured mainly by time, detection rate, false alarm rate and classification accuracy.
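[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08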
Article ID: 1844445
Article link: http://sikaile.net/guanlilunwen/ydhl/1844445.html