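Research on Intrusion Detection Methods Based on Temporal-Logic Model Verification
Published: 2018-05-16 21:39
Topics of this thesis: intrusion detection + linear temporal logic; Reference: Zhengzhou University, 2014 master's thesis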
[Abstract]: At present, the great majority of intrusion detection systems implemented internationally use pattern matching to detect intrusions. As the volume of network data grows, these systems face some problems that are hard to solve. For this reason, a number of formal methods have been proposed and applied to intrusion detection systems. The method based on propositional linear temporal logic (PLTL) is a representative one among them, and it has been shown to be usable for detecting complex attacks that vary. However, it is not yet clear what advantages and shortcomings the PLTL-based method has in overall performance compared with other related methods; this is the problem that this thesis studies and addresses. The main work of this thesis consists of two parts: (1) The pattern matching algorithm (MPA) used in misuse detection and the intrusion detection algorithm based on model checking (MCA) are analyzed in detail. On the basis of the KDD99 data set, a behavior-based intrusion detection data set is constructed and simulation experiments are carried out, so that the detection capability and detection efficiency of the two algorithms are compared. (2) A multi-type attack detection method (USA) based on projection temporal logic (PTL) is proposed. The method builds formal sub-models of the attacker, the attack process and the attack effect, and uses PTL to combine the sub-models into a PTL formula model of multi-type attacks. The data set and the formula model are taken as input, and a model checking algorithm is used to detect intrusions. The experimental results show that the detection capability of the new method is more comprehensive and effective. The research above yields some preliminary conclusions on the performance comparison of intrusion detection algorithms, and thus provides a reference for choosing among the relevant algorithms in practical applications.
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1898509
Article link: http://sikaile.net/guanlilunwen/ydhl/1898509.html