【摘要】：隨著計(jì)算機(jī)和網(wǎng)絡(luò)技術(shù)的不斷發(fā)展和廣泛應(yīng)用，計(jì)算機(jī)網(wǎng)絡(luò)的安全問(wèn)題也逐漸成為人們關(guān)注的焦點(diǎn)。由于網(wǎng)絡(luò)環(huán)境的復(fù)雜性，攻擊手段的多樣性，傳統(tǒng)的網(wǎng)絡(luò)安全技術(shù)如防火墻、入侵檢測(cè)技術(shù)已經(jīng)無(wú)法滿足對(duì)網(wǎng)絡(luò)安全的需求。入侵防御系統(tǒng)的提出，有效地彌補(bǔ)了入侵檢測(cè)系統(tǒng)以及防火墻的不足，成為網(wǎng)絡(luò)安全領(lǐng)域新興發(fā)展的一種安全技術(shù)。本文從入侵檢測(cè)系統(tǒng)相關(guān)研究現(xiàn)狀入手，分析了防火墻與入侵檢測(cè)系統(tǒng)不足，提出了一種基于云模型的半監(jiān)督聚類動(dòng)態(tài)加權(quán)的入侵檢測(cè)算法，并最終構(gòu)建了基于云模型的半監(jiān)督聚類的入侵防御系統(tǒng)。 本文針對(duì)基于無(wú)監(jiān)督學(xué)習(xí)的入侵檢測(cè)聚類算法檢測(cè)率低，基于監(jiān)督學(xué)習(xí)的入侵檢測(cè)算法的訓(xùn)練樣本不足且難以正確檢測(cè)出新的未知入侵攻擊的問(wèn)題，提出了一種半監(jiān)督聚類算法。算法在初始階段利用少量的數(shù)據(jù)標(biāo)記信息生成了初始聚類中心，使得初始聚類中心是可控的，并通過(guò)逐步生成聚類中心的方法增強(qiáng)了系統(tǒng)的魯棒性，提高了聚類算法收斂速度和準(zhǔn)確性。 根據(jù)云模型理論，提出了一種基于云模型的半監(jiān)督聚類動(dòng)態(tài)加權(quán)的入侵檢測(cè)算法。算法在上述半監(jiān)督聚類的基礎(chǔ)上，結(jié)合已知的少量標(biāo)識(shí)信息篩選數(shù)據(jù)初步建立正常云模型和異常云模型，用改進(jìn)的一維逆向云發(fā)生器和X條件云發(fā)生器構(gòu)建出云模型分類器。引入了云相對(duì)貼近度的概念定義了高維空間樣本在分類過(guò)程中的屬性權(quán)重，解決了云模型分類器難以處理高維數(shù)據(jù)的問(wèn)題。在分類過(guò)程中對(duì)所建立的云模型不斷更新并對(duì)屬性實(shí)現(xiàn)了動(dòng)態(tài)加權(quán)，，不但能準(zhǔn)確的反映實(shí)際數(shù)據(jù)信息而且指導(dǎo)了數(shù)據(jù)的分類，避免了對(duì)數(shù)據(jù)先驗(yàn)知識(shí)的過(guò)度依賴，在一定的程度上也豐富了云分類器的相關(guān)內(nèi)容。在KDD CUP99數(shù)據(jù)集下的仿真實(shí)驗(yàn)表明，該算法不僅可以提高系統(tǒng)的檢測(cè)能力，還具有良好的穩(wěn)定性。 最后，根據(jù)云模型理論建立了一種基于云模型的半監(jiān)督聚類的入侵防御系統(tǒng)模型，該系統(tǒng)模型主要包括數(shù)據(jù)包捕獲模塊、入侵檢測(cè)模塊、響應(yīng)模塊、日志管理模塊和管理控制模塊等五大模塊。重點(diǎn)設(shè)計(jì)了入侵檢測(cè)模塊中的檢測(cè)算法部分，將基于云模型的半監(jiān)督聚類動(dòng)態(tài)加權(quán)算法作為檢測(cè)器的核心算法，并給出了其他模塊的功能以及整個(gè)入侵防御系統(tǒng)的架構(gòu)。
[Abstract]:With the continuous development and wide application of computer and network technology, the security of computer network has gradually become the focus of attention. Because of the complexity of the network environment and the diversity of attack methods, the traditional network security technology such as firewall, intrusion detection technology can no longer meet the needs of network security. The proposed intrusion Prevention system (IDS) has effectively compensated for the shortcomings of IDS and firewalls, and has become a new security technology in the field of network security. In this paper, we analyze the shortage of firewall and intrusion detection system, and propose a semi-supervised clustering dynamic weighted intrusion detection algorithm based on cloud model. Finally, a semi-supervised clustering intrusion prevention system based on cloud model is constructed. In this paper, the detection rate of intrusion detection clustering algorithm based on unsupervised learning is low, and the training sample of supervised learning based intrusion detection algorithm is insufficient and it is difficult to detect new unknown intrusion attacks correctly. A semi-supervised clustering algorithm is proposed. In the initial stage, the initial clustering center is generated by using a small amount of data marking information, which makes the initial clustering center controllable, and the robustness of the system is enhanced by the method of generating the clustering center step by step. The convergence speed and accuracy of the clustering algorithm are improved. According to cloud model theory, a semi-supervised clustering dynamic weighted intrusion detection algorithm based on cloud model is proposed. On the basis of the above semi-supervised clustering, the normal cloud model and the abnormal cloud model are preliminarily established by combining a small amount of known identification information filtering data, and the improved one-dimensional reverse cloud generator and the X-condition cloud generator are used to construct the cloud model classifier. The concept of cloud relative closeness is introduced to define the attribute weight of high-dimensional spatial samples in the classification process, which solves the problem that the cloud model classifier is difficult to deal with high-dimensional data. In the process of classification, the cloud model is constantly updated and the attributes are dynamically weighted, which can not only accurately reflect the actual data information, but also guide the classification of the data, and avoid the excessive dependence on the prior knowledge of the data. To some extent, it also enriches the related contents of cloud classifier. The simulation results on KDD CUP99 data sets show that the proposed algorithm not only improves the detection ability of the system, but also has good stability. Finally, according to cloud model theory, a semi-supervised clustering intrusion prevention system model based on cloud model is established. The system model mainly includes packet capture module, intrusion detection module, response module. Log management module and management control module and other five modules. The detection algorithm of intrusion detection module is mainly designed. The semi-supervised clustering dynamic weighting algorithm based on cloud model is taken as the core algorithm of the detector. The functions of other modules and the architecture of the whole intrusion prevention system are given.
【學(xué)位授予單位】：江蘇科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 楊文;入侵檢測(cè)系統(tǒng)的現(xiàn)狀及發(fā)展趨勢(shì)[J];電腦知識(shí)與技術(shù);2005年18期

2 李德毅，孟海軍，史雪梅;隸屬云和隸屬云發(fā)生器[J];計(jì)算機(jī)研究與發(fā)展;1995年06期

3 楊朝暉,李德毅;二維云模型及其在預(yù)測(cè)中的應(yīng)用[J];計(jì)算機(jī)學(xué)報(bào);1998年11期

4 毛功萍;熊齊邦;;基于策略的入侵防御系統(tǒng)模型的研究[J];計(jì)算機(jī)應(yīng)用研究;2006年03期

5 劉合安;;基于免疫的新型入侵防御模型[J];計(jì)算機(jī)應(yīng)用研究;2012年07期

6 李鵬偉;葛文英;;網(wǎng)絡(luò)病毒入侵防御系統(tǒng)技術(shù)的研究[J];煤炭技術(shù);2012年09期

7 張仕斌;許春香;;基于云模型的信任評(píng)估方法研究[J];計(jì)算機(jī)學(xué)報(bào);2013年02期

8 蔣建兵;粱家榮;王龍;;基于云模型的入侵檢測(cè)研究[J];微計(jì)算機(jī)信息;2010年03期

9 閻芳;劉丙午;;基于云模型的動(dòng)態(tài)物流過(guò)程知識(shí)表示[J];物流技術(shù);2008年06期

10 劉常昱,馮芒,戴曉軍,李德毅;基于云X信息的逆向云新算法[J];系統(tǒng)仿真學(xué)報(bào);2004年11期

本文編號(hào)：2224122