【摘要】：由于網(wǎng)絡(luò)規(guī)模與技術(shù)的飛速發(fā)展,計(jì)算機(jī)網(wǎng)絡(luò)已經(jīng)成為人們生活中不可缺少的一部分。然而,日益嚴(yán)重的網(wǎng)絡(luò)安全問題對個(gè)人甚至國家產(chǎn)生了巨大的威脅。IDS的發(fā)展對網(wǎng)絡(luò)安全領(lǐng)域具有重大的影響。相互獨(dú)立工作的傳統(tǒng)的IDS,面對規(guī)模日益增加、結(jié)構(gòu)越來越復(fù)雜的網(wǎng)絡(luò),而顯得無能為力。因此,分布式入侵檢測系統(tǒng)代替IDS已經(jīng)成為大規(guī)模網(wǎng)絡(luò)安全領(lǐng)域的主要研究對象。分布式入侵檢測系統(tǒng)的主要目標(biāo)是通過對不同位置的安全信息進(jìn)行綜合分析,實(shí)現(xiàn)對整體網(wǎng)絡(luò)的入侵檢測。然而,不同位置的安全信息只有高效的傳輸?shù)椒治龉?jié)點(diǎn)才能使分布式入侵檢測系統(tǒng)滿足應(yīng)用的需求。因此,本文從將從分布式入侵檢測系統(tǒng)的體系結(jié)構(gòu)和警報(bào)信息的關(guān)聯(lián)分析方法兩方面對其進(jìn)行研究。首先,本文利用P2P對分布式入侵檢測系統(tǒng)的體系結(jié)構(gòu)進(jìn)行設(shè)計(jì),有效的解決傳統(tǒng)分布式入侵檢測系統(tǒng)集中式數(shù)據(jù)分析功能帶來的單點(diǎn)失效問題。通過對P2P在分布式入侵檢測系統(tǒng)體系結(jié)構(gòu)中的應(yīng)用進(jìn)行研究分析,提出一種分層的P2P網(wǎng)絡(luò)模型。使用分層分析方法對局部的融合中心節(jié)點(diǎn)進(jìn)行選擇,使信息的處理局部化。并針對IDS到融合中心節(jié)點(diǎn)以及不同區(qū)域融合中心節(jié)點(diǎn)間的數(shù)據(jù)傳輸,本文提出一種基于節(jié)點(diǎn)優(yōu)先級和鏈路時(shí)延的數(shù)據(jù)轉(zhuǎn)發(fā)方法,從節(jié)點(diǎn)距離和傳輸時(shí)延保證數(shù)據(jù)傳輸?shù)母咝�。然�?對于警報(bào)關(guān)聯(lián)分析方法本文使用證據(jù)加權(quán)方法改進(jìn)的D-S證據(jù)理論,能夠有效的對沖突證據(jù)信息進(jìn)行融合分析。針對最優(yōu)權(quán)重的獲取,本文提出一種改進(jìn)的粒子群算法,對不同的IDS進(jìn)行權(quán)重賦值。通過為不同的IDS賦予合理的權(quán)值,合理分配IDS的可信度,提高數(shù)據(jù)融合結(jié)果的準(zhǔn)確性。最后,本文從平均傳輸時(shí)延和網(wǎng)絡(luò)負(fù)載對數(shù)據(jù)傳輸效率進(jìn)行驗(yàn)證,從誤報(bào)率和檢測率對檢測性能進(jìn)行驗(yàn)證,進(jìn)而保證本文提出方法的有效性。
[Abstract]:With the rapid development of network scale and technology, computer network has become an indispensable part of people's life. However, the increasingly serious problem of network security poses a great threat to individuals and even countries. The development of IDS has a great impact on the field of network security. The traditional IDS, which works independently of each other, is unable to cope with the increasing scale and complex network. Therefore, distributed intrusion detection system (DIDS) instead of IDS has become the main research object in the field of large-scale network security. The main goal of the distributed intrusion detection system is to realize the intrusion detection of the whole network by synthetically analyzing the security information of different locations. However, the distributed intrusion detection system can meet the requirements of applications only when the security information in different locations is transmitted to the analysis node efficiently. Therefore, this paper will study the distributed intrusion detection system from two aspects: the architecture of distributed intrusion detection system and the correlation analysis method of alarm information. Firstly, the architecture of distributed intrusion detection system is designed by P2P, which effectively solves the single point failure problem caused by centralized data analysis function of traditional distributed intrusion detection system. By analyzing the application of P2P in the architecture of distributed intrusion detection system, a hierarchical P2P network model is proposed. The hierarchical analysis method is used to select the local fusion center nodes to localize the information processing. Aiming at the data transmission from IDS to fusion center node and between different regional fusion center nodes, this paper proposes a data forwarding method based on node priority and link delay, which ensures the high efficiency of data transmission from node distance and transmission delay. Then, for the alert association analysis method, this paper uses the evidence weighting method to improve the D-S evidence theory, which can effectively fuse and analyze the conflict evidence information. In this paper, an improved particle swarm optimization (PSO) algorithm is proposed to assign weights to different IDS. By assigning reasonable weights to different IDS and allocating the credibility of IDS reasonably, the accuracy of data fusion results can be improved. Finally, the data transmission efficiency is verified from the average transmission delay and network load, and the detection performance is verified from the false alarm rate and detection rate, so as to ensure the effectiveness of the proposed method.
【學(xué)位授予單位】：哈爾濱工程大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 周新宇;吳志健;王暉;李康順;張浩宇;;一種精英反向?qū)W習(xí)的粒子群優(yōu)化算法[J];電子學(xué)報(bào);2013年08期

2 王飛;緱錦;;基于多變異粒子群優(yōu)化算法的模糊關(guān)聯(lián)規(guī)則挖掘[J];計(jì)算機(jī)科學(xué);2013年05期

3 陳義雄;梁昔明;黃亞飛;;基于佳點(diǎn)集構(gòu)造的改進(jìn)量子粒子群優(yōu)化算法[J];中南大學(xué)學(xué)報(bào)(自然科學(xué)版);2013年04期

4 韓飛;楊春生;劉清;;一種改進(jìn)的基于梯度搜索的粒子群優(yōu)化算法[J];南京大學(xué)學(xué)報(bào)(自然科學(xué)版);2013年02期

5 吳建輝;章兢;李仁發(fā);劉朝華;;多子種群微粒群免疫算法及其在函數(shù)優(yōu)化中應(yīng)用[J];計(jì)算機(jī)研究與發(fā)展;2012年09期

6 劉效武;王慧強(qiáng);禹繼國;曹寶香;;基于多源融合的網(wǎng)絡(luò)安全態(tài)勢感知模型[J];解放軍理工大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年04期

7 朱桂明;郭得科;金士堯;;ODBF:基于操作型衰落Bloom Filter的P2P網(wǎng)絡(luò)弱狀態(tài)路由算法[J];計(jì)算機(jī)學(xué)報(bào);2012年05期

8 張焱;郭世澤;黃曙光;汪永益;;一種基于多源異構(gòu)傳感器的網(wǎng)絡(luò)安全態(tài)勢感知模型[J];計(jì)算機(jī)應(yīng)用研究;2012年01期

9 蔣黎明;何加浪;張宏;;D-S證據(jù)理論中一種新的沖突證據(jù)融合方法[J];計(jì)算機(jī)科學(xué);2011年04期

10 于婧;汪斌強(qiáng);;基于重復(fù)鏈路檢測的P2P網(wǎng)絡(luò)拓?fù)湟恢滦苑桨竅J];軟件學(xué)報(bào);2009年07期

相關(guān)碩士學(xué)位論文 前2條

1 楊春;P2P網(wǎng)絡(luò)中避免集散節(jié)點(diǎn)形成的控制機(jī)制研究[D];華中師范大學(xué);2009年

2 姚松平;改進(jìn)PSO的神經(jīng)網(wǎng)絡(luò)數(shù)據(jù)融合技術(shù)研究[D];哈爾濱工程大學(xué);2008年

，

本文編號：2287321