本文選題：網(wǎng)絡(luò)安全 + 入侵檢測��； 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：近年來,隨著計(jì)算機(jī)技術(shù)與互聯(lián)網(wǎng)的快速發(fā)展,網(wǎng)絡(luò)信息量呈爆發(fā)式增長。然而,高速發(fā)展的信息技術(shù)在帶給人們便捷的同時(shí),也留下了網(wǎng)絡(luò)安全難題。伴隨著網(wǎng)絡(luò)容量與網(wǎng)民總數(shù)的增長,各種網(wǎng)絡(luò)入侵事件層出不窮,大有愈演愈烈之勢。面對(duì)來勢洶洶的網(wǎng)絡(luò)安全問題,人們提出了各種安全技術(shù)。這其中,入侵檢測技術(shù)作為能化被動(dòng)防守為主動(dòng)攔截的安全技術(shù),正成為人們研究的熱點(diǎn)方向。 然而,傳統(tǒng)的入侵檢測技術(shù)主要是基于規(guī)則匹配的專家知識(shí)系統(tǒng),需要手工更新匹配模式,代價(jià)昂貴而低效。面對(duì)新型入侵手段時(shí),顯得相當(dāng)乏力。為克服這種入侵檢測技術(shù)的弱點(diǎn),出現(xiàn)了大量基于機(jī)器學(xué)習(xí)的入侵檢測技術(shù)。機(jī)器學(xué)習(xí)方法可以直接對(duì)收集到的海量審計(jì)數(shù)據(jù)進(jìn)行訓(xùn)練建模,自動(dòng)生成檢測模型,極大改善入侵檢測系統(tǒng)的效率。 在眾多的機(jī)器學(xué)習(xí)方法中,支持向量機(jī)以其對(duì)小樣本,高維度數(shù)據(jù)良好的分類效率脫穎而出,成為近年來研究的重點(diǎn)。本文將主要研究基于支持向量機(jī)的入侵檢測。主要工作如下： 在詳細(xì)討論了支持向量機(jī)的理論基礎(chǔ)一統(tǒng)計(jì)學(xué)習(xí)理論的基礎(chǔ)上,本文首先提出了基于雙支持向量機(jī)的入侵檢測系統(tǒng),詳細(xì)分析了系統(tǒng)各個(gè)模塊并仿真實(shí)現(xiàn)了各個(gè)模塊。特別地,為解決雙支持向量機(jī)的參數(shù)選擇問題,提出了針對(duì)雙支持向量機(jī)的參數(shù)選擇算法。此外,為能夠直接處理未標(biāo)注類別的原始審計(jì)數(shù)據(jù),還提出了基于單類支持向量機(jī)的入侵檢測系統(tǒng)。為檢驗(yàn)所提出的入侵檢測系統(tǒng)的檢測性能,采用入侵檢測領(lǐng)域廣泛使用的KDD'99數(shù)據(jù)集進(jìn)行實(shí)驗(yàn),并與最新的研究成果進(jìn)行對(duì)比。最終的實(shí)驗(yàn)結(jié)果表明,本文所提出的基于雙支持向量機(jī)的入侵檢測系統(tǒng)在所有4大類攻擊中均取得了檢測率的提升,特別是對(duì)樣本量少的攻擊,提升更為明顯,并取得了最高的總檢測率。而基于單類支持向量機(jī)也能夠有效處理無類別的數(shù)據(jù)集。
[Abstract]:In recent years, with the rapid development of computer technology and Internet, the amount of network information is explosive. However, the rapid development of information technology not only brings convenience to people, but also leaves a difficult problem of network security. With the growth of network capacity and the total number of Internet users, various network intrusions emerge in endlessly and become more and more intense. In the face of the threat of network security, people put forward a variety of security techniques. Among them, intrusion detection technology, as a security technology that can transform passive defense into active interception, is becoming a hot research direction. However, the traditional intrusion detection technology is mainly based on the rule matching expert knowledge system, which needs to update the matching pattern manually, which is expensive and inefficient. In the face of a new type of invasion, it seems rather weak. In order to overcome the weakness of this intrusion detection technology, a large number of intrusion detection techniques based on machine learning have emerged. The machine learning method can directly train and model the massive audit data collected, and generate the detection model automatically, which greatly improves the efficiency of the intrusion detection system. Among many machine learning methods, support vector machine (SVM) has become the focus of research in recent years because of its good classification efficiency for small samples and high dimensional data. This paper will focus on intrusion detection based on support vector machine (SVM). The main work is as follows: based on the detailed discussion of the statistical learning theory, a new intrusion detection system based on double support vector machine is proposed in this paper. Each module of the system is analyzed in detail and each module is realized by simulation. In particular, in order to solve the parameter selection problem of dual support vector machine, a parameter selection algorithm for double support vector machine is proposed. In addition, an intrusion detection system based on single class support vector machine is proposed to deal with the raw audit data of unlabeled classes directly. In order to test the detection performance of the proposed intrusion detection system (IDS), the KDD 99 data set, which is widely used in the field of intrusion detection, is used for experiments and compared with the latest research results. Finally, the experimental results show that the proposed intrusion detection system based on dual support vector machine has achieved a higher detection rate in all four kinds of attacks, especially for small sample size attacks. The highest total detection rate was obtained. And the support vector machine based on single class can also deal with the data set without class effectively.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08;TP18

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 饒鮮,董春曦,楊紹全;基于支持向量機(jī)的入侵檢測系統(tǒng)[J];軟件學(xué)報(bào);2003年04期

，

本文編號(hào)：2034231