發(fā)布時(shí)間：2018-05-07 21:21

  本文選題：入侵檢測(cè)技術(shù) + 離群點(diǎn)挖掘�。� 參考：《電子科技大學(xué)》2015年碩士論文

【摘要】：隨著信息技術(shù)的快速發(fā)展,特別是互聯(lián)網(wǎng)技術(shù)的發(fā)展,當(dāng)代社會(huì)已經(jīng)進(jìn)入了互聯(lián)網(wǎng)時(shí)代,人們?cè)谏钪刑幪幭硎苤ヂ?lián)網(wǎng)帶來的便利。然而,互聯(lián)網(wǎng)是一把雙刃劍,在給人們帶來便利的同時(shí)也帶來一些不安定的因素,網(wǎng)絡(luò)安全問題造成的損失一直都在困擾著人們。入侵檢測(cè)技術(shù)就是一項(xiàng)針對(duì)各類網(wǎng)絡(luò)攻擊的檢測(cè)技術(shù),入侵檢測(cè)技術(shù)通過分析網(wǎng)絡(luò)數(shù)據(jù)包來檢測(cè)入侵行為,是解決網(wǎng)絡(luò)安全問題的一種有效的技術(shù)。然而,隨著網(wǎng)絡(luò)的快速發(fā)展,入侵檢測(cè)系統(tǒng)所要處理的數(shù)據(jù)變得更加的復(fù)雜,而且網(wǎng)絡(luò)流量是巨大的,傳統(tǒng)的入侵檢測(cè)系統(tǒng)已無法滿足當(dāng)前的入侵檢測(cè)需求。因此,如何使入侵檢測(cè)系統(tǒng)能夠適應(yīng)當(dāng)前的網(wǎng)絡(luò)環(huán)境是當(dāng)前急需解決的問題。針對(duì)入侵檢測(cè)系統(tǒng)所要處理數(shù)據(jù)的兩個(gè)特點(diǎn),高維和海量。本文提出了一種基于屬性相關(guān)性和離群概率的離群點(diǎn)挖掘算法來檢測(cè)入侵行為,通過將數(shù)據(jù)挖掘技術(shù)與入侵檢測(cè)技術(shù)相結(jié)合來改善入侵檢測(cè)系統(tǒng)的性能。數(shù)據(jù)挖掘是一種從海量數(shù)據(jù)集中挖掘出有用的信息的技術(shù),而離群點(diǎn)挖掘技術(shù)是數(shù)據(jù)挖掘中發(fā)現(xiàn)數(shù)據(jù)集中的異常數(shù)據(jù)的一種技術(shù),這與入侵檢測(cè)技術(shù)是檢測(cè)所有行為中的異常行為的宗旨是非常吻合的。本文提出的算法先是通過屬性相關(guān)性分析和屬性約簡得到高維屬性集的屬性子集,該屬性子集能夠保留原有數(shù)據(jù)集的重要信息,而后在屬性子集上計(jì)算數(shù)據(jù)的離群概率來檢測(cè)入侵行為。雖然通過將數(shù)據(jù)挖掘技術(shù)與入侵檢測(cè)技術(shù)相結(jié)合能夠很好的使入侵檢測(cè)系統(tǒng)適應(yīng)當(dāng)前的網(wǎng)絡(luò)環(huán)境,但是傳統(tǒng)的集中式入侵檢測(cè)系統(tǒng)的性能是有限的。因此,本文考慮將算法應(yīng)用到云平臺(tái)中,即將算法并行化來提高入侵檢測(cè)系統(tǒng)的性能。Hadoop是當(dāng)前應(yīng)用較為廣泛的開源云平臺(tái),并且具有可靠性高、擴(kuò)展性好、容錯(cuò)性高等優(yōu)點(diǎn),因此,本文進(jìn)一步將算法結(jié)合Hadoop的MapReduce原理來提高入侵檢測(cè)系統(tǒng)的性能。最后,本文采用KDD CUP99數(shù)據(jù)集對(duì)提出的算法以及并行化的算法進(jìn)行了實(shí)驗(yàn),實(shí)驗(yàn)結(jié)果表明算法能夠有效的發(fā)現(xiàn)入侵行為,并且入侵檢測(cè)系統(tǒng)的性能也是有了較大的改善。
[Abstract]:With the rapid development of information technology, especially the development of Internet technology, the contemporary society has entered the era of Internet, and people enjoy the convenience brought by the Internet everywhere. However, the Internet is a double-edged sword, which brings convenience to people, but also brings some unsettled factors and network security problems caused by the Internet. The loss has been plaguing people all the time. Intrusion detection technology is a detection technology for various network attacks. Intrusion detection technology is an effective technique to solve network security problems by analyzing network data packets. However, with the rapid development of network, the data to be processed by intrusion detection system will be processed. It becomes more complex, and the network traffic is huge. The traditional intrusion detection system has been unable to meet the current intrusion detection requirements. Therefore, how to make the intrusion detection system adaptable to the current network environment is an urgent problem to be solved at present. For the two characteristics of the intrusion detection system to deal with the data, the high dimension and the mass. In this paper, an outlier mining algorithm based on attribute correlation and outlier probability is proposed to detect intrusion behavior. By combining data mining with intrusion detection technology to improve the performance of intrusion detection systems, data mining is a technique for mining useful information from massive data sets, and outlier mining technology is a technology. A technique for discovering abnormal data in data sets in data mining, which is very consistent with the purpose of intrusion detection technology to detect abnormal behavior in all behavior. The algorithm proposed in this paper first obtains a subset of high dimensional attributes by attribute correlation analysis and attribute reduction, and the subset can retain the original number. According to the important information of the collection, the outlier probability of the data is calculated on the subset of attributes to detect the intrusion behavior. Although the combination of data mining technology and intrusion detection technology can well adapt the intrusion detection system to the current network environment, the performance of the traditional centralized intrusion detection system is limited. Considering the application of the algorithm to the cloud platform, the algorithm parallelization to improve the performance of the intrusion detection system.Hadoop is a widely used open source cloud platform, and has the advantages of high reliability, good scalability and high fault tolerance. Therefore, this paper further combines the algorithm with the MapReduce principle of Hadoop to improve the intrusion detection system. Performance. Finally, this paper uses the KDD CUP99 data set to experiment with the proposed algorithm and the parallel algorithm. The experimental results show that the algorithm can effectively detect the intrusion behavior, and the performance of the intrusion detection system is also greatly improved.

【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2015
【分類號(hào)】：TP311.13;TP393.08

【共引文獻(xiàn)】

相關(guān)期刊論文 前5條

1 張寧;;離群點(diǎn)檢測(cè)算法研究[J];桂林電子科技大學(xué)學(xué)報(bào);2009年01期

2 劉曉平;;基于粒度計(jì)算的分類屬性數(shù)據(jù)離群點(diǎn)檢測(cè)算法[J];廣州城市職業(yè)學(xué)院學(xué)報(bào);2014年04期

3 何偉明;;入侵檢測(cè)技術(shù)在網(wǎng)絡(luò)安全中的應(yīng)用[J];計(jì)算機(jī)光盤軟件與應(yīng)用;2014年22期

4 穆俊;;NFPOF算法在入侵檢測(cè)中的應(yīng)用[J];重慶科技學(xué)院學(xué)報(bào)(自然科學(xué)版);2015年02期

5 張峰;;教學(xué)環(huán)境中snort入侵檢測(cè)系統(tǒng)的部署[J];產(chǎn)業(yè)與科技論壇;2015年19期

，

本文編號(hào)：1858510