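Research on Intrusion Detection Algorithms Based on Network Anomalies
Topic of this paper: intrusion detection + deep learning. Reference: Beijing Jiaotong University, 2017 master's thesis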
[Abstract]: The spread of network applications brings people great convenience, but it also makes network security problems increasingly prominent. Intrusion detection is a proactive network security protection technology: it provides real-time protection against internal attacks, external attacks and misoperation, intercepting and blocking them effectively before the network system is attacked. After introducing the basic concepts, structure, classification and detection methods of intrusion detection systems, the thesis reviews the state of research at home and abroad on intrusion detection technology, deep learning theory, data preprocessing based on principal component analysis (PCA), and clustering algorithms. It sets out deep learning theory in detail, including the key models and techniques of deep neural networks and convolutional neural networks, and analyses the theoretical basis of both PCA and clustering. The main work and contributions of the thesis are threefold. (1) For the data preprocessing stage of intrusion detection, after studying PCA-based feature extraction, the thesis proposes a fast algorithm that extracts multiple principal components in parallel. The algorithm extracts multiple principal components from a signal simultaneously without requiring an additional normalization step; simulation experiments verify that the proposed algorithm is reasonable and effective. (2) The thesis builds two deep learning models. The first is a deep neural network model, which applies a traditional BP neural network with Dropout layers added to prevent overfitting, uses mini-batch training and batch normalization to converge quickly and reduce the model's running time, and uses an improved stochastic gradient descent (SGD) optimization method to keep the model from getting stuck at local extrema. The second is a convolutional neural network model, which convolves selected kernels with the data to extract the local correlation of features and so improve the accuracy of feature extraction, uses multiple "convolution layer - down-sampling layer" stages to characterize in depth the features of normal and abnormal behaviour in the network, and finally classifies with a multilayer perceptron. Experiments on KDD 99, the classic dataset in the intrusion detection field, show that, compared with the classic BP neural network, the SVM algorithm and others, the proposed deep neural network and convolutional neural network models effectively improve classification accuracy in intrusion detection, and that their performance is roughly on par with other deep learning models. (3) The thesis proposes a hybrid intrusion detection framework. Input data first passes through a K-means-based feature selection clustering model, then the dataset is compressed in preprocessing using the proposed parallel multiple-principal-component extraction algorithm, and finally it enters the deep neural network model for training. This allows rare attacks such as U2R and R2L to be identified first, which in turn makes the data entering the deep neural network model more accurate. With this hybrid framework, the detection rate over the network data as a whole is high, and the detection rate for rare attacks such as U2R and R2L is effectively improved.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08
Article ID: 2085536
Article link: http://sikaile.net/guanlilunwen/ydhl/2085536.html