Research on Intrusion Detection Algorithms Based on Network Anomalies
Topic: intrusion detection + deep learning; Source: Beijing Jiaotong University, master's thesis, 2017
[Abstract]: The spread of network applications has brought people great convenience, but it has also made network security problems increasingly prominent. Intrusion detection is a proactive network security protection technology: it provides real-time protection against internal attacks, external attacks and misoperation, and effectively intercepts and blocks attacks before the network system comes under attack. After introducing the basic concepts, structure, classification and detection methods of intrusion detection systems, the thesis reviews the state of research in China and abroad on intrusion detection technology, deep learning theory, data preprocessing based on principal component analysis (PCA), and clustering algorithms. It describes deep learning theory in detail, including the key models and techniques of deep neural networks and convolutional neural networks, and analyzes the theoretical basis of the PCA and clustering algorithms. The main work and contributions of the thesis fall into three areas:
(1) For the data preprocessing stage of intrusion detection, after studying PCA-based feature extraction methods, the thesis proposes a fast algorithm for extracting multiple principal components in parallel. The algorithm extracts multiple principal components from a signal simultaneously without any additional normalization step. Simulation experiments verify that the proposed algorithm is sound and effective.
(2) The thesis builds two deep learning models. The first is a deep neural network model. It applies a traditional BP neural network and adds a Dropout layer to prevent overfitting, uses mini-batch training and batch normalization to converge quickly and reduce model running time, and uses an improved stochastic gradient descent (SGD) optimization method to keep the model from getting trapped in local extrema. The second is a convolutional neural network model. It selects convolution kernels and convolves them with the data to extract the local correlation of features, which improves the accuracy of feature extraction; it characterizes the features of normal and abnormal network behavior in depth through multiple "convolution layer, downsampling layer" stages; and it performs the final classification with a multilayer perceptron. Experiments on KDD 99, the classic dataset of the intrusion detection field, show that the proposed deep neural network and convolutional neural network models effectively improve classification accuracy for intrusion detection compared with the classic BP neural network, the SVM algorithm and similar methods, and that their performance is roughly on par with other deep learning models.
(3) The thesis proposes a hybrid intrusion detection framework. Input data first passes through a K-means-based feature selection clustering model, is then compressed and preprocessed with the proposed parallel multiple-principal-component extraction algorithm, and finally enters the deep neural network model for training. In this way, rare attacks such as U2R and R2L can be identified first, which makes the data entering the deep neural network model more accurate. The hybrid framework not only achieves a high detection rate on the network data as a whole, but also effectively improves the detection rate for rare attacks such as U2R and R2L.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08
Article ID: 2085536
Article link: http://sikaile.net/guanlilunwen/ydhl/2085536.html