Research on Semi-Supervised Clustering Intrusion Prevention Technology Based on the Cloud Model
Published: 2018-09-05 11:23
[Abstract]: With the continuing development and widespread use of computer and network technology, computer network security has become a focus of attention. Because network environments are complex and attack methods diverse, traditional network security technologies such as firewalls and intrusion detection can no longer meet network security needs. The intrusion prevention system (IPS) effectively compensates for the shortcomings of intrusion detection systems (IDS) and firewalls and has become an emerging security technology in the field of network security. Starting from the current state of research on intrusion detection systems, this thesis analyzes the shortcomings of firewalls and intrusion detection systems, proposes a dynamically weighted semi-supervised clustering intrusion detection algorithm based on the cloud model, and finally builds a semi-supervised clustering intrusion prevention system based on the cloud model.
Intrusion detection clustering algorithms based on unsupervised learning have low detection rates, while intrusion detection algorithms based on supervised learning lack sufficient training samples and have difficulty correctly detecting new, unknown attacks. To address these problems, a semi-supervised clustering algorithm is proposed. In its initial stage the algorithm uses a small amount of labelled data to generate the initial cluster centers, which makes the initial cluster centers controllable, and generating the cluster centers step by step strengthens the robustness of the system and improves the convergence speed and accuracy of the clustering algorithm.
Based on cloud model theory, a dynamically weighted semi-supervised clustering intrusion detection algorithm based on the cloud model is proposed. Building on the semi-supervised clustering above, the algorithm uses the small amount of known label information to filter the data and establish preliminary normal and abnormal cloud models, and constructs a cloud model classifier with an improved one-dimensional backward cloud generator and an X-condition cloud generator. The concept of cloud relative closeness is introduced to define the attribute weights of high-dimensional samples during classification, which solves the problem that cloud model classifiers have difficulty handling high-dimensional data. During classification the cloud models are continually updated and the attributes are dynamically weighted, which not only reflects the actual data accurately but also guides the classification of the data, avoids excessive dependence on prior knowledge of the data, and to some extent enriches the body of work on cloud classifiers. Simulation experiments on the KDD CUP99 data set show that the algorithm not only improves the detection capability of the system but also has good stability.
Finally, based on cloud model theory, a model of a semi-supervised clustering intrusion prevention system based on the cloud model is established. The system model comprises five main modules: packet capture, intrusion detection, response, log management, and management control. The design focuses on the detection algorithm within the intrusion detection module, taking the cloud-model-based dynamically weighted semi-supervised clustering algorithm as the core algorithm of the detector, and the functions of the other modules and the architecture of the whole intrusion prevention system are also given.
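[Degree-granting institution]: Jiangsu University of Science and Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2224122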
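An added sketch (not code from the thesis) of the cloud-model classifier the abstract describes: a standard backward cloud generator estimates (Ex, En, He) per attribute from a few labelled records, and an X-condition generator scores new records against the normal and abnormal clouds. The feature values are constructed, the thesis's "improved" generator is not reproduced, and uniform attribute weights stand in for its closeness-based dynamic weighting, whose definition is not on this page.

```python
import math
import random

def backward_cloud(xs):
    """Backward cloud generator (no membership degrees needed):
    estimate expectation Ex, entropy En, hyper-entropy He of one attribute."""
    n = len(xs)
    ex = sum(xs) / n
    en = math.sqrt(math.pi / 2) * sum(abs(x - ex) for x in xs) / n
    s2 = sum((x - ex) ** 2 for x in xs) / (n - 1)
    he = math.sqrt(max(s2 - en ** 2, 0.0))  # clamp: small samples can give s2 < En^2
    return ex, en, he

def membership(x, cloud, rng, drops=200):
    """X-condition cloud generator: average certainty degree of x over
    `drops` cloud drops, each drawn with En' ~ N(En, He^2)."""
    ex, en, he = cloud
    total = 0.0
    for _ in range(drops):
        en_p = rng.gauss(en, he) or 1e-9  # guard against a zero entropy
        total += math.exp(-((x - ex) ** 2) / (2 * en_p ** 2))
    return total / drops

def build_model(labeled):
    """One cloud per class and per attribute, built from the labelled seeds."""
    return {cls: [backward_cloud(col) for col in zip(*rows)]
            for cls, rows in labeled.items()}

def classify(sample, model, seed=0):
    """Score each class as the mean attribute membership (uniform weights,
    an assumption) and return (best_class, scores)."""
    rng = random.Random(seed)
    scores = {cls: sum(membership(x, c, rng) for x, c in zip(sample, clouds)) / len(sample)
              for cls, clouds in model.items()}
    return max(scores, key=scores.get), scores

# Constructed seed records: [count, serror_rate]-style features, not real KDD CUP99 rows.
LABELED = {
    "normal":   [[8, 0.00], [12, 0.05], [5, 0.00], [10, 0.02], [9, 0.01]],
    "abnormal": [[250, 0.98], [300, 1.00], [280, 0.95], [310, 1.00], [270, 0.99]],
}
MODEL = build_model(LABELED)

if __name__ == "__main__":
    for rec in ([11, 0.03], [290, 0.97]):
        print(rec, classify(rec, MODEL))
```

A record far from both clouds scores near zero for every class, which is where a deployment would need a minimum-membership threshold rather than taking the larger of two negligible scores.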
Article link: http://sikaile.net/guanlilunwen/ydhl/2224122.html