Research on Intrusion Detection Technology Based on Data Mining
Published: 2018-08-21 14:03
[Abstract]: Network information technology is developing rapidly and is profoundly changing the way people live. At the same time, network information security has gradually become one of the core issues affecting people's lives. Intrusion detection is an important and widely used method of protecting network information security; its main characteristic is that it protects the network system actively. As the second line of defense for network information security, intrusion detection supplements and extends traditional defenses such as firewalls and information encryption, and combined with them forms a complete information security defense system.
Data mining is a widely used data analysis and processing technology. It can analyze and mine big data quickly and effectively to find useful and needed knowledge. For an intrusion detection system, discovering the information related to intrusion behavior in a large amount of network system data is the key to detection. Applying data mining to intrusion detection makes effective use of its strength in handling big data and reveals the essential characteristics of intrusion behavior from the data itself, which effectively improves intrusion detection performance.
This thesis studies the application of three common data mining techniques (clustering, classification and feature extraction) to intrusion detection, in order to improve the detection results of intrusion detection systems. First, it considers traditional partition-based clustering algorithms in intrusion detection, whose detection results depend on the initial cluster centers and the chosen number of clusters. To solve this problem, it adopts the affinity propagation clustering algorithm, which determines the cluster centers and their number automatically, and combines it with anomaly detection to build an intrusion detection system. Second, it studies classification algorithms in intrusion detection. Because the traditional KNN classification algorithm cannot obtain the optimal classification surface, the thesis proposes an improved KNN classification detection algorithm that introduces the concept of the local hyperplane: building on traditional KNN, a test sample is classified according to its distance to the local hyperplane of the training samples of each class. Third, it studies the data preprocessing module of intrusion detection. Because the raw data in intrusion detection contains a large amount of redundant feature information, a linear discriminant analysis method is built on top of the HKNN classification algorithm to extract features from the raw data, which effectively reduces the data dimension and the computational resources consumed by the intrusion detection system.
Finally, simulation experiments on the KDD CUP99 data set verify the feasibility and effectiveness of the above methods.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP311.13
Article ID: 2195967
Article link: http://sikaile.net/guanlilunwen/ydhl/2195967.html