Research on Alert Fusion in Intrusion Detection Systems
Published: 2018-05-19 13:43
Topics: intrusion detection system; support vector data description. Source: Beijing Jiaotong University (北京交通大學), 2014 master's thesis
[Abstract]: With the spread of computers and networks, the information carried over networks touches every industry, and network security has gradually become a focus of attention. Static defenses such as firewall isolation and network access control no longer meet current needs, which is why intrusion detection systems (IDS), which actively detect and report unsafe behaviour, came into being. In practice, however, an IDS has unavoidable defects: a very high false negative rate, a high false positive rate and large numbers of duplicate alerts. Alert fusion was proposed to address exactly these problems. Its aim is to lower the false negative and false positive rates and to reduce duplicate alerts, so that administrators can clearly follow how the network situation develops. Most current alert fusion methods, however, concentrate only on reducing duplicate alerts; comparatively little research addresses the false negative and false positive rates. Targeting this gap, this thesis proposes a new fusion algorithm that reduces the false negative and false positive rates without lowering the detection rate, and validates it on the KDD99 data set. Finally, for the problem of duplicate alerts, the thesis also proposes an alert fusion algorithm with a dynamic time threshold, which adjusts the time threshold according to the number of alerts actually observed so that the model is closer to real conditions.
The main contents of the thesis are as follows:
(1) Analysis of the structural characteristics of current intrusion detection systems and of commonly used intrusion detection techniques, with a detailed study of the principles, classification, concrete detection methods and future directions of intrusion detection technology.
(2) Description and in-depth analysis of four current mainstream alert fusion techniques, summarising the advantages and disadvantages of each, dissecting the problems of current fusion techniques and proposing ideas for improvement.
(3) Integration of the support vector data description (SVDD) algorithm from one-class support vector machines into alert fusion, combined with the idea of simulated annealing. This not only removes redundant features and reduces interference from irrelevant attributes, but also, through the fused decision of multiple classifiers, lowers the false positive and false negative rates of alert information to a certain extent.
(4) Because of the special nature of time, the thesis proposes an alert fusion algorithm based on a dynamic time threshold, which adjusts the time threshold dynamically according to the number of alerts and greatly reduces the number of duplicate alerts.
Finally, the work of the thesis is briefly summarised and analysed, and the main directions of future work are proposed.
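The dynamic time threshold of point (4) is described here only as "adjust the window according to the number of alerts". The Python script below is an added illustration of that idea, not the thesis's algorithm or code: it assumes a made-up rule (the merge window grows geometrically with the size of the cluster and is capped at a maximum), a constructed alert schema (timestamp, signature, source, destination) and constructed sample alerts, and compares the result against a fixed window so the reduction in duplicate alerts is visible.

```python
"""Dynamic-time-threshold alert aggregation (constructed illustration)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Alert:
    ts: float   # seconds since epoch
    sig: str    # detection rule / signature name
    src: str    # source IP
    dst: str    # destination IP


@dataclass
class Cluster:
    sig: str
    src: str
    dst: str
    first_ts: float
    last_ts: float
    count: int = 1


# Assumed parameters (not from the thesis): the merge window starts at
# BASE_WINDOW seconds, grows by GROWTH for every alert already in the
# cluster, and is capped at MAX_WINDOW so a cluster can still close.
BASE_WINDOW = 5.0
GROWTH = 1.5
MAX_WINDOW = 60.0


def dynamic_threshold(count: int) -> float:
    """Merge window for a cluster that already holds `count` alerts."""
    return min(BASE_WINDOW * GROWTH ** (count - 1), MAX_WINDOW)


def aggregate(alerts: List[Alert], dynamic: bool = True) -> List[Cluster]:
    """Merge alerts sharing (sig, src, dst) that arrive within the window.

    With dynamic=False a fixed BASE_WINDOW is used, for comparison.
    """
    open_clusters: Dict[Tuple[str, str, str], Cluster] = {}
    closed: List[Cluster] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sig, a.src, a.dst)
        c = open_clusters.get(key)
        if c is not None:
            window = dynamic_threshold(c.count) if dynamic else BASE_WINDOW
            if a.ts - c.last_ts <= window:
                c.count += 1          # duplicate: fold into the open cluster
                c.last_ts = a.ts
                continue
            closed.append(c)          # gap too large: close the old cluster
        open_clusters[key] = Cluster(a.sig, a.src, a.dst, a.ts, a.ts)
    closed.extend(open_clusters.values())
    return sorted(closed, key=lambda c: c.first_ts)


# Constructed sample: a scanner whose alerts arrive with growing gaps,
# one unrelated alert, and a late repeat from the same scanner.
SAMPLE_ALERTS = [
    Alert(0.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
    Alert(3.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
    Alert(7.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
    Alert(10.0, "SQL_INJECTION", "10.0.0.9", "10.0.0.20"),
    Alert(13.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
    Alert(22.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
    Alert(35.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
    Alert(200.0, "PORT_SCAN", "10.0.0.5", "10.0.0.20"),
]


def summarize(clusters: List[Cluster]):
    """Compact view of each cluster for display or assertions."""
    return [(c.sig, c.src, c.count, c.first_ts, c.last_ts) for c in clusters]


if __name__ == "__main__":
    for label, dyn in (("dynamic", True), ("fixed", False)):
        print(label, summarize(aggregate(SAMPLE_ALERTS, dynamic=dyn)))
```

On the sample, the fixed 5-second window splits the scanner's eight alerts into five clusters, while the growing window folds the first six into one cluster and still opens a new one for the repeat 165 seconds later because the cap keeps the window bounded. The cap matters for the defender: without it a long-running burst would keep widening its own window and could swallow a genuine change in the attacker's behaviour into a single, stale alert.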
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master
[Year of degree]: 2014
[Classification number]: TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前5條
1 晏少華;徐蕾;;基于動(dòng)態(tài)時(shí)間閾值的報(bào)警聚合方法研究[J];沈陽(yáng)航空工業(yè)學(xué)院學(xué)報(bào);2010年05期
2 穆成坡,黃厚寬,田盛豐,林友芳,秦遠(yuǎn)輝;基于模糊綜合評(píng)判的入侵檢測(cè)報(bào)警信息處理[J];計(jì)算機(jī)研究與發(fā)展;2005年10期
3 葉苗;王勇;麥范金;陳超泉;;基于SVM的數(shù)據(jù)融合方法在DIDS中的應(yīng)用[J];計(jì)算機(jī)工程;2008年04期
4 郭帆;余敏;葉繼華;;一種基于分類和相似度的報(bào)警聚合方法[J];計(jì)算機(jī)應(yīng)用;2007年10期
5 馮玉才,馮劍琳;關(guān)聯(lián)規(guī)則的增量式更新算法[J];軟件學(xué)報(bào);1998年04期
Article number: 1910329
Page link: http://sikaile.net/guanlilunwen/ydhl/1910329.html