【摘要】：隨著信息技術(shù)的不斷發(fā)展,人類社會(huì)正在發(fā)生重大變革�；ヂ�(lián)網(wǎng)已成為全球人類聯(lián)系的重要紐帶,拉近了人與人之間的距離,成為人類生活中不可缺少的一部分。雖然網(wǎng)絡(luò)新技術(shù)給人類生活帶來(lái)了巨大的便利,但是也引發(fā)了許多安全隱患,提出了安全挑戰(zhàn),尤其是網(wǎng)絡(luò)安全問(wèn)題的不斷凸顯,已經(jīng)嚴(yán)重影響了正常的生活、社會(huì)秩序,給個(gè)人、企業(yè)、國(guó)家、社會(huì)帶來(lái)了很多危害。網(wǎng)絡(luò)安全技術(shù)已成為當(dāng)今社會(huì)需要解決的一個(gè)重要問(wèn)題。 不同于防火墻,VPN等靜態(tài)保護(hù)的方法,入侵檢測(cè)是保證網(wǎng)絡(luò)安全的重要手段,具有重要的研究?jī)r(jià)值和意義。主要表現(xiàn)包括：首先入侵檢測(cè)具有動(dòng)態(tài)防護(hù)特性,并且入侵檢測(cè)技術(shù)融合了多種學(xué)科、多種技術(shù),如：仿生計(jì)算、人工智能、數(shù)據(jù)挖掘、機(jī)器學(xué)習(xí)。因此入侵檢測(cè)還有很多需要深入研究領(lǐng)域。其次隨著云計(jì)算的迅猛發(fā)展,云計(jì)算具有新的特性,邊界模糊導(dǎo)致了防護(hù)墻等靜態(tài)防護(hù)方法不再適用。因此,入侵檢測(cè)技術(shù)將成為保證云計(jì)算安全的重要手段。再次,入侵檢測(cè)具有廣泛的應(yīng)用場(chǎng)景。例如,將入侵檢測(cè)應(yīng)用到互聯(lián)網(wǎng)、軍事網(wǎng)絡(luò)、無(wú)線網(wǎng)絡(luò)、云計(jì)算、物聯(lián)網(wǎng)中,針對(duì)不同的環(huán)境下進(jìn)行防護(hù),入侵檢測(cè)與分布計(jì)算、深度學(xué)習(xí)等方法相結(jié)合等。可見,對(duì)入侵檢測(cè)相關(guān)內(nèi)容的研究是具有理論和應(yīng)用價(jià)值的。 目前,眾多專家致力于入侵檢測(cè)的模型、評(píng)估標(biāo)準(zhǔn)、自身的安全性、檢測(cè)速度、檢測(cè)率、誤報(bào)率、漏報(bào)率、自適應(yīng)性、分布性、方法論以及可行性等方面的研究,并取得了很多理論上的研究成果。本文主要研究了基于粗糙集與人工免疫原理的入侵檢測(cè)模型,主要內(nèi)容有： 1、歸納了當(dāng)前主流的入侵檢測(cè)技術(shù),對(duì)比分析了各自的優(yōu)缺點(diǎn)。將差別矩陣約簡(jiǎn)算法應(yīng)用于入侵檢測(cè)中,分析日志,約簡(jiǎn)冗余屬性,獲得最簡(jiǎn)決策規(guī)則,提高入侵檢測(cè)的速度。由于粗糙集算法計(jì)算復(fù)雜度高,針對(duì)這一問(wèn)題,設(shè)計(jì)了粗糙集并行算法分類器。在粗糙集并行算法分類器中,引入了C-Means聚類方法預(yù)處理決策表,進(jìn)行預(yù)分類,劃分的子類分塊進(jìn)行約簡(jiǎn),獲得決策規(guī)則。仿真結(jié)果表明,粗糙集并行算法分類器能夠約簡(jiǎn)冗余屬性,提高入侵檢測(cè)的速度,采用C-Means聚類方法進(jìn)行預(yù)處理能獲得有效的決策規(guī)則,提高檢測(cè)率。 2、針對(duì)入侵檢測(cè)的分布性、自適應(yīng)性問(wèn)題,將生物免疫原理的自我非自我模型引入到入侵檢測(cè)中,提出了“基因?qū)傩灾匾取钡母拍�。設(shè)計(jì)了一種新的動(dòng)態(tài)疫苗接種的入侵檢測(cè)(Dynamic Immune-based Intrusion Detection using Vaccination, DIIDV)模型,在DIIDV模型中,給出了一種新的基于基因?qū)傩灾匾鹊囊呙缃臃N策略,同時(shí)也提出了一種采用了粗糙集方法獲得初始抗體的方法。DIIDV模型結(jié)合了誤用檢測(cè)和異常檢測(cè)兩種檢測(cè)模式,異常檢測(cè)和誤用檢測(cè)分別檢測(cè)未知入侵和已知入侵。在DIIDV模型的基礎(chǔ)上,給出了相應(yīng)的DIIDV算法。仿真結(jié)果表明,所提出的DIIDV方法具有更好的檢測(cè)性能。采用疫苗接種的策略能提高收斂速度,采用粗糙集獲得初始抗體能夠去除冗余屬性,提高檢測(cè)速度。集成兩種檢測(cè)模式可以提高檢測(cè)率。 3、對(duì)于目前免疫入侵檢測(cè)存在的問(wèn)題,通過(guò)引入粗糙集的方法,結(jié)合誤用檢測(cè)和異常檢測(cè),綜合自我非自我理論和危險(xiǎn)理論,設(shè)計(jì)了一種粗糙集和人工免疫集成入侵檢測(cè)(Integrated Intrusion Detection based on Rough Set and Artificial Immune, RSAI-IID)模型,在RSAI-IID模型中,首先提出了一種在入侵檢測(cè)中疫苗注入的方法。采用粗糙集方法獲取疫苗并進(jìn)行疫苗注入,并保證了疫苗的優(yōu)良性,優(yōu)化檢測(cè)性能。其次改進(jìn)了RSAI-IID算法中重要參數(shù)的自調(diào)節(jié)機(jī)制。最后采用了多種模式集成的檢測(cè)方法提高檢測(cè)率：誤用檢測(cè)篩掉已知的入侵行為,提高檢測(cè)的速度；異常檢測(cè)針對(duì)未知攻擊進(jìn)行實(shí)時(shí)檢測(cè)。自我非自我理論與危險(xiǎn)模型相結(jié)合提高入侵檢測(cè)的收斂速度和自適應(yīng)性。最后在KDD99數(shù)據(jù)集上進(jìn)行實(shí)驗(yàn)仿真,驗(yàn)證了RSAI-IID模型的可行性和有效性。
[Abstract]:With the continuous development of information technology, great changes have taken place in human society. The Internet has become an important link of human contact in the world. It has brought the distance between people and people, and has become an indispensable part of human life. Although the new network technology has brought great convenience to human life, it has also caused a lot of security. The security challenge, especially the network security problem, has seriously affected the normal life, the social order, has brought a lot of harm to the individual, the enterprise, the state and the society. The network security technology has become an important problem to be solved in today's society.
Unlike the methods of static protection such as firewalls and VPN, intrusion detection is an important means to ensure network security. It has important research value and significance. The main manifestations include: first intrusion detection has dynamic protection characteristics, and intrusion detection technology is integrated with a variety of disciplines, a variety of technologies, such as bionic computing, artificial intelligence, data digging. Secondly, with the rapid development of cloud computing, cloud computing has new characteristics, and the boundary blur leads to the static protection methods such as the protective wall no longer applicable. Therefore, intrusion detection technology will become an important means to ensure the security of cloud computing. For example, intrusion detection is applied to the Internet, military network, wireless network, cloud computing, and Internet of things, for the combination of protection in different environments, intrusion detection and distribution calculation, deep learning and so on. It is obvious that the research on intrusion detection content is of theoretical and practical value.
At present, many experts devote themselves to the research of intrusion detection models, evaluation criteria, their own security, detection speed, detection rate, false alarm rate, false alarm rate, adaptive, distribution, methodology and feasibility, and have obtained many theoretical research results. This paper mainly studies the principle of rough set and artificial immunity. Intrusion detection model, the main contents are as follows:
1, the current mainstream intrusion detection technologies are summed up, and their advantages and disadvantages are compared and analyzed. The differential matrix reduction algorithm is applied to intrusion detection, the log is analyzed, the redundancy attributes are reduced, the most simplified decision rules are obtained and the speed of intrusion detection is improved. The rough set algorithm is designed for the rough set algorithm because of the high complexity of the computation. In the classifier of the rough set parallel algorithm, the C-Means clustering method is introduced to preprocess the decision table. The classification is preclassified and the subclasses are divided and the decision rules are obtained. The simulation results show that the rough set parallel algorithm can reduce the redundant attributes, improve the speed of intrusion detection, and use the C-Means clustering method. Preprocessing can get effective decision rules and improve detection rate.
2, in view of the distribution and adaptive problem of intrusion detection, the self non self model of biological immune principle is introduced into intrusion detection, and the concept of "gene attribute importance" is proposed. A new Dynamic Immune-based Intrusion Detection using Vaccination, DIIDV model is designed, and a new dynamic vaccine vaccination (DIIDV) model is designed. In the DIIDV model, a new vaccination strategy based on the importance of gene attribute is given. At the same time, a method of obtaining initial antibody by using the rough set method is also proposed. The.DIIDV model combines two detection modes: misuse detection and anomaly detection. Abnormal detection and misuse detection are used to detect unknown intrusion and known intrusion respectively. In DI On the basis of the IDV model, the corresponding DIIDV algorithm is given. The simulation results show that the proposed DIIDV method has better detection performance. The strategy of vaccination can improve the convergence speed. The rough set can get the initial antibody to remove the redundant attributes and improve the detection speed. The integration of two detection modes can improve the detection rate.
3, for the existing problems of immune intrusion detection, a rough set and artificial immune integrated intrusion detection (Integrated Intrusion Detection based on Rough Set and Artificial Immune, RSAI-IID) are designed by introducing rough sets, combining misuse detection and anomaly detection, and combining self non self theory and danger theory. In the RSAI-IID model, a method of vaccine injection in intrusion detection is first proposed. A rough set method is used to obtain vaccines and vaccine injection, and the quality of the vaccine is guaranteed and the detection performance is optimized. Secondly, the self-regulation mechanism of the important parameters in the RSAI-IID algorithm is improved. Finally, a variety of mode integrated detector is adopted. The method improves the detection rate: misuse the detection to screen out the known intrusion behavior, improve the detection speed, abnormal detection for the unknown attack in real time detection. Self non self theory and risk model combined to improve the convergence speed and adaptability of intrusion detection. Finally, the experimental simulation on the KDD99 data set has been carried out to verify the RSAI-IID model. Feasibility and effectiveness.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08;TP18

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 羅守山,陳亞娟,宋傳恒,王自亮,鈕心忻,楊義先;基于用戶擊鍵數(shù)據(jù)的異常入侵檢測(cè)模型[J];北京郵電大學(xué)學(xué)報(bào);2003年04期

2 謝紅;劉人杰;陳純鍇;;基于誤用檢測(cè)與異常行為檢測(cè)的整合模型[J];重慶郵電大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年01期

3 彭宏;;基于粗糙集理論的入侵檢測(cè)方法研究[J];電子科技大學(xué)學(xué)報(bào);2006年01期

4 曾劍平;郭東輝;;基于區(qū)間值2型模糊集的偽裝入侵檢測(cè)算法[J];電子學(xué)報(bào);2008年04期

5 嚴(yán)宣輝;;應(yīng)用疫苗接種策略的免疫入侵檢測(cè)模型[J];電子學(xué)報(bào);2009年04期

6 田俊峰;王惠然;傅s，

本文編號(hào)：2161919