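Network Intrusion Detection Based on Data Dimensionality Reduction and Support Vector Machines
Published: 2018-05-05 13:00
Topic: nonlinear projection pursuit + support vector machine; Source: Shandong University, master's thesis, 2015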
[Abstract]: Network security monitoring underpins computer security. Intrusion detection is a technology designed to discover and identify intrusions promptly; it checks whether a given behavior violates the network security policy. With an intrusion detection system we can detect harm before it occurs and raise an alert in response, which limits certain behaviors and reduces the losses caused by intrusion attacks. After an attack, information about the attack behavior is retained promptly and added to the learning library as raw data for the monitoring model, so that it can be used to detect later intrusions and strengthen the system's overall defense. According to how the detection data is analyzed, network intrusion detection systems can be divided into host-based and network-based intrusion detection systems.

Existing intrusion detection systems generalize poorly and take a long time to process large volumes of data. Building on support vector machine (SVM) based network intrusion detection, this thesis proposes methods that address both problems: a similar attribute principal component analysis method, derived from principal component analysis (PCA), and a nonlinear projection pursuit method, derived from projection pursuit. Each is combined with an SVM to give two intrusion detection systems: one based on similar attribute principal component analysis and SVM, and one based on nonlinear projection pursuit and SVM.

Most real-world data contains noise, which affects the detection accuracy of an intrusion detection system. Starting from compressed sensing theory, the thesis introduces low-rank matrix reconstruction, a technique generally used to solve the low-rank matrix recovery problem. The method starts from traditional PCA, uses linear algebra to transform the problem into a constrained optimization problem, and solves it with the accelerated proximal gradient algorithm. The thesis applies matrix reconstruction to intrusion detection and proposes a network intrusion detection system based on low-rank matrix reconstruction for dimensionality reduction and SVM.

For network intrusion detection, the quality of a model's design and construction must ultimately be confirmed by how it performs on real data. The core of building an intrusion detection system is accurately judging whether a behavior is an intrusion or normal. Network connection data is an important data source for intrusion detection, and the key to the problem lies in data processing: user behavior is judged by analyzing the data. The thesis uses the well-known KDD99 dataset for its simulation experiments. The dataset contains a large number of normal behaviors and anomalous attack behaviors and was collected on a simulated US Air Force local area network, so it is sufficient to describe a real network environment.

Empirical analysis is an important means of checking the practicality of a detection system. On the basis of existing intrusion detection systems, the thesis proposes the network intrusion detection system based on similar attribute principal component analysis and SVM and the one based on nonlinear projection pursuit and SVM, and it applies low-rank matrix reconstruction to intrusion detection to propose a network intrusion detection technique based on matrix reconstruction and SVM. An empirical analysis on the KDD99 dataset shows that the newly proposed intrusion detection systems have stronger generalization ability and detection accuracy, and that the detection time of the whole process is greatly improved.
[Degree-granting institution]: Shandong University
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP393.08
Article ID: 1847779
Article link: http://sikaile.net/guanlilunwen/ydhl/1847779.html