Research on a Dynamic Adaptive Intrusion Detection Model Based on Cluster Analysis
Published: 2018-08-11 17:18
[Abstract]: As network infrastructure matures and network applications multiply, their convenience and efficiency lead people to move more of their study, daily life and work onto the network, for example enterprise management and electronic commerce. Large volumes of data must be stored and transmitted securely, with their confidentiality, integrity and availability preserved. The more people depend on network applications, the greater the loss when such a system is compromised. Today's network application systems are open systems: this openness satisfies the need for information sharing, but it also gives attackers the opportunity to exploit the many security vulnerabilities present in complex, interconnected networks and host systems, causing losses to organizations and individuals. Because existing protection systems cannot guarantee that a whole system is free of vulnerabilities, intrusion detection systems play a very important role in network security and are a necessary complement to other protective measures. Research on intrusion detection is still insufficient, and this is the background and motivation of the thesis.
The thesis first introduces the concept and development of intrusion detection, the influential international intrusion detection specification recommendations, the techniques commonly used for intrusion detection, and a classification of intrusion detection from several perspectives. It then describes how data mining algorithms can be applied to intrusion detection, analyzes their advantages and disadvantages, and analyzes the types and features of intrusions found in networks. Finally, it describes the proposed detection model in detail: the overall workflow of the model, the selection of the attribute subset used for detection, the data preprocessing method and the clustering algorithm used for intrusion detection, followed by experimental verification and analysis of the model.
Most existing research on clustering-based intrusion detection improves detection by modifying the clustering algorithm and does not make full use of known intrusion feature information, even though a large amount of feature information about known intrusion types is already available. Because they assume that nothing is known about the data under inspection, these modified clustering algorithms often have high space and time complexity and cannot keep up with ever higher network bandwidth and the large data volumes of intrusion detection environments. Based on an analysis of intrusion features, this thesis proposes an attribute set selection method for intrusion detection. It then designs a new intrusion detection model that uses the centre vectors of each known type, computed from the intrusion information already at hand, as the initial cluster centres of an improved K-Means algorithm. This effectively addresses the difficulty of choosing initial cluster centres in K-Means, which can otherwise lead to a local optimum, while keeping the algorithm simple. Because the centre vectors of the known types represent the distribution of the data under inspection well, the model converges well and can meet the growing bandwidth demands of current networks. When a new, unknown intrusion type is detected, the intrusion detection rule base is updated promptly, giving the model a dynamic detection capability that adapts to a changing network intrusion environment. Experiments show that the model is effective: it can detect a specific intrusion type and can effectively discover new intrusion types as they appear.
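The seeded K-Means workflow described in the abstract, as an added example written for this page and not the thesis's own code: per-type centre vectors computed from labelled records seed the clustering, records far from every centre are flagged as a candidate unknown type, and the rule base is extended with their centroid. The three-feature record layout, the spread-based threshold, the hold-out of unknown records from the centre update and all sample records are this example's assumptions.

```python
# Added example, not the thesis's own code: K-Means seeded with known-type centre vectors
# plus a dynamic rule-base update for an unknown type. Assumed (not in the abstract):
# normalised records, a dict-of-centres rule base, a spread-based 'unknown' threshold, constructed data.
import math
from collections import defaultdict

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
def centroid(points):
    return tuple(sum(p[i] for p in points) / len(points) for i in range(len(points[0])))
def known_centres(labelled):  # per-type mean vectors: the initial rule base
    groups = defaultdict(list)
    for x, t in labelled:
        groups[t].append(x)
    return {t: centroid(xs) for t, xs in groups.items()}
def spread_threshold(labelled, centres, factor=3.0):  # 'unknown' cut-off
    return factor * max(dist(x, centres[t]) for x, t in labelled)
def assign(data, centres, threshold):  # nearest centre, or 'unknown' if too far from all
    labels = []
    for x in data:
        c = min(centres, key=lambda k: dist(x, centres[k]))
        labels.append(c if dist(x, centres[c]) <= threshold else "unknown")
    return labels
def seeded_kmeans(data, centres, threshold, iters=20):
    centres = dict(centres)
    for _ in range(iters):
        groups = defaultdict(list)
        for x, t in zip(data, assign(data, centres, threshold)):
            groups[t].append(x)  # 'unknown' records are held out of the centre update
        new = {t: centroid(groups[t]) if groups[t] else c for t, c in centres.items()}
        if new == centres:
            break
        centres = new
    return centres, assign(data, centres, threshold)
def update_rule_base(centres, data, labels, new_type, min_support=3):
    unknown = [x for x, t in zip(data, labels) if t == "unknown"]  # enough seen -> new type
    return {**centres, new_type: centroid(unknown)} if len(unknown) >= min_support else centres

# Constructed records (duration, bytes_sent, failed_logins), each scaled to [0, 1].
LABELLED = [((0.10, 0.20, 0.0), "normal"), ((0.12, 0.22, 0.0), "normal"), ((0.08, 0.18, 0.0), "normal"),
            ((0.00, 0.90, 0.0), "dos"), ((0.02, 0.92, 0.0), "dos"), ((0.01, 0.88, 0.0), "dos")]
BATCH = [(0.11, 0.21, 0.0), (0.09, 0.19, 0.0), (0.01, 0.91, 0.0), (0.03, 0.89, 0.0),
         (0.20, 0.10, 0.9), (0.22, 0.12, 0.88), (0.18, 0.08, 0.92)]  # last three: a new type

def run_detection(labelled=LABELLED, batch=BATCH):
    centres = known_centres(labelled)
    threshold = spread_threshold(labelled, centres)
    centres, first = seeded_kmeans(batch, centres, threshold)  # new type shows up as 'unknown'
    centres = update_rule_base(centres, batch, first, "candidate_type_1")
    return first, assign(batch, centres, threshold), centres
```

Holding unknown records out of the centre update matters: if they were averaged into the nearest known centre, the normal centre would drift towards the new type and the genuinely normal records would then fall outside the threshold.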
【Degree-granting institution】: Taiyuan University of Technology
【Degree level】: Master's
【Year conferred】: 2013
【Classification number】: TP311.13;TP393.08
Article number: 2177691
Link to this article: http://sikaile.net/guanlilunwen/ydhl/2177691.html