基于深度學習和半監(jiān)督聚類的入侵防御技術研究
發(fā)布時間:2018-08-31 08:36
【摘要】:網(wǎng)絡安全問題一直是網(wǎng)絡健康發(fā)展所關心的重點。傳統(tǒng)的網(wǎng)絡安全防護技術的有防火墻、入侵檢測等技術,然而在目前復雜的網(wǎng)絡環(huán)境下,傳統(tǒng)的網(wǎng)絡安全防護技術無法滿足網(wǎng)絡安全的需要。入侵防御系統(tǒng)以入侵檢測作為核心技術,兼具防火墻技術和入侵檢測技術的優(yōu)點,不僅能夠檢測出入侵行為,也能及時采取保護措施,具有主動防御功能,能夠有效的提高網(wǎng)絡的安全保障。入侵檢測算法通常以距離和概率為基礎進行檢測,能夠發(fā)現(xiàn)簡單的入侵行為,但難以找出特征元素之間的關聯(lián),對于攻擊手段更加隱蔽的入侵行為無法進行有效的防御。深度學習(Deep Learning)模擬了人腦的思維模式,逐步提取出抽象特征,并且將得到的抽象特征用于分類處理。深度學習算法的核心在于多層次的學習,通過多層次的特征提取,發(fā)現(xiàn)數(shù)據(jù)間內(nèi)在的聯(lián)系。將深度學習用于入侵檢測,可以發(fā)現(xiàn)入侵數(shù)據(jù)中的隱含攻擊行為,進而提高其檢測準確率。半監(jiān)督學習使用少量標記數(shù)據(jù)和大量未標記數(shù)據(jù)進行訓練,降低了對樣本的要求。本文將半監(jiān)督學習引入入侵檢測算法,提出了一種基于深度學習和半監(jiān)督聚類的入侵檢測算法。本算法是對基于淺層學習(Shallow Learning)的入侵檢測算法的改進;跍\層學習的入侵檢測算法,以反向傳播算法進行訓練,需要大量的標記數(shù)據(jù)和多次的實驗來調(diào)整參數(shù),而且在隱含層較多的情況下容易產(chǎn)生梯度彌散,并且難以確定隱含單元的數(shù)量。本算法使用稀疏自編碼器對隱含層進行訓練,使用逐層貪心算法調(diào)整參數(shù),可以解決梯度彌散的問題。稀疏性能夠?qū)﹄[含層單元是否激活形成限制,可以有效處理基于自編碼的深度學習算法對隱含層單元難以確定問題。該算法將基于稀疏自編碼器的深度學習和半監(jiān)督聚類進行結(jié)合,可以在使用一定量的標記數(shù)據(jù)的基礎上進行訓練出高效的算法參數(shù),具有在使用少量帶標記數(shù)據(jù)的情況下提高檢測率的優(yōu)點。基于網(wǎng)絡的實際狀況,本文選取了一些具有代表性的數(shù)據(jù)進行測試,測試結(jié)果同基于K均值,C均值,淺層學習等入侵檢測算法進行比較。實驗結(jié)果表明,基于深度學習和半監(jiān)督聚類的入侵檢測算法能夠有效提高檢測效率,并且克服了傳統(tǒng)基于聚類的入侵檢測算法對于初始化聚類數(shù)據(jù)敏感、噪聲影響嚴重等問題。最后研究了基于深度學習和半監(jiān)督聚類的入侵防御系統(tǒng),介紹了該系統(tǒng)的工作原理,并給出了該系統(tǒng)的部署方式。
[Abstract]:Network security has always been the focus of the healthy development of the network. Traditional network security protection technologies include firewall, intrusion detection and so on. However, in the current complex network environment, the traditional network security protection technology can not meet the needs of network security. With the advantages of firewall technology and intrusion detection technology, it can not only detect intrusion, but also take timely protective measures. It has active defense function and can effectively improve the security of the network. Deep Learning simulates the thinking pattern of human brain, extracts abstract features gradually, and uses the abstract features to classify. The core of the depth learning algorithm is multi-level learning, through multi-level learning. Semi-supervised learning uses a small number of labeled data and a large number of unlabeled data to train, which reduces the requirement for samples. Semi-supervised learning is introduced in this paper. An intrusion detection algorithm based on depth learning and semi-supervised clustering is proposed. This algorithm is an improvement on the Shallow Learning based intrusion detection algorithm. The algorithm uses sparse self-encoder to train the hidden layer and adjusts the parameters by layer-by-layer greedy algorithm to solve the problem of gradient dispersion. This algorithm combines depth learning based on sparse self-encoder with semi-supervised clustering, and can train high-efficient algorithm parameters on the basis of a certain amount of labeled data, with a small amount of labeled data. Based on the actual situation of the network, this paper selects some representative data to test, and the test results are compared with the intrusion detection algorithm based on K-means, C-means, shallow learning and so on. The experimental results show that the intrusion detection algorithm based on depth learning and semi-supervised clustering can be effectively improved. At last, the intrusion prevention system based on depth learning and semi-supervised clustering is studied. The principle of the system is introduced, and the deployment of the system is given.
【學位授予單位】:江蘇科技大學
【學位級別】:碩士
【學位授予年份】:2016
【分類號】:TP393.08
,
本文編號:2214466
[Abstract]:Network security has always been the focus of the healthy development of the network. Traditional network security protection technologies include firewall, intrusion detection and so on. However, in the current complex network environment, the traditional network security protection technology can not meet the needs of network security. With the advantages of firewall technology and intrusion detection technology, it can not only detect intrusion, but also take timely protective measures. It has active defense function and can effectively improve the security of the network. Deep Learning simulates the thinking pattern of human brain, extracts abstract features gradually, and uses the abstract features to classify. The core of the depth learning algorithm is multi-level learning, through multi-level learning. Semi-supervised learning uses a small number of labeled data and a large number of unlabeled data to train, which reduces the requirement for samples. Semi-supervised learning is introduced in this paper. An intrusion detection algorithm based on depth learning and semi-supervised clustering is proposed. This algorithm is an improvement on the Shallow Learning based intrusion detection algorithm. The algorithm uses sparse self-encoder to train the hidden layer and adjusts the parameters by layer-by-layer greedy algorithm to solve the problem of gradient dispersion. This algorithm combines depth learning based on sparse self-encoder with semi-supervised clustering, and can train high-efficient algorithm parameters on the basis of a certain amount of labeled data, with a small amount of labeled data. Based on the actual situation of the network, this paper selects some representative data to test, and the test results are compared with the intrusion detection algorithm based on K-means, C-means, shallow learning and so on. The experimental results show that the intrusion detection algorithm based on depth learning and semi-supervised clustering can be effectively improved. At last, the intrusion prevention system based on depth learning and semi-supervised clustering is studied. The principle of the system is introduced, and the deployment of the system is given.
【學位授予單位】:江蘇科技大學
【學位級別】:碩士
【學位授予年份】:2016
【分類號】:TP393.08
,
本文編號:2214466
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2214466.html
最近更新
教材專著
