
Research on Network Attack Modeling Based on Temporal Logic

Published: 2018-05-27 06:42

  Topics of this thesis: model checking + intrusion detection; Reference: Zhengzhou University, 2014 master's thesis


[Abstract]: As network attacks become more varied and attack techniques more complex, intrusion detection is receiving increasing attention. Intrusion detection is an important network security technology that, according to its detection principle, can be divided into misuse detection and anomaly detection. Because anomaly detection has a relatively high false alarm rate, most intrusion detection systems deployed internationally use misuse detection. However, faced with the large number of increasingly complex and changing attack patterns on networks, intrusion detection based on pattern matching has seriously insufficient detection capability. For this reason, French researchers proposed intrusion detection based on model checking.

Compared with intrusion detection based on pattern matching, intrusion detection based on model checking can effectively improve the ability to detect complex, changing attacks. However, current model-checking-based intrusion detection methods still have several problems to be solved. First, current methods all model one specific attack or a few specific attacks, and a model of the general process of a network attack is still lacking. Second, there is no platform that provides a basis for comparing the performance of such methods. This thesis studies these two problems, and its main contributions are as follows:

1. On the basis of defining the general process of a network attack and network attack model formulas, this thesis proposes a general model of network attacks based on interval temporal logic. The general model can cover the general process of a network attack. Performing intrusion detection on top of the new model helps extend model-checking-based intrusion detection to the detection of multiple attack types.

2. On the basis of studying the attack principles of the four major attack categories in KDDCUP99, and for the 13 attack types in the KDDCUP99 training set, the thesis converts the specific details of each attack into an action sequence and decomposes the action sequence into atomic actions in log files. It gives the temporal logic formula for each attack and constructs attack model formulas for the 13 attack types, which lays a foundation for comparing the performance of similar intrusion detection methods and provides a technical framework for capability testing across attack types.
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08


Article ID: 1940900



Link to this article: http://sikaile.net/guanlilunwen/ydhl/1940900.html

