Research on the Application of Data Mining Technology in Network Intrusion Detection
Published: 2018-11-14 20:14
[Abstract]: With the continuing development of computer network technology, many enterprises, public institutions and government departments have moved their core business onto the Internet, and network security has become an unavoidable problem. Network users generally adopt a firewall as the first line of defense. However, as attackers' knowledge matures and attack tools and methods grow more complex and varied, a firewall-only strategy can no longer meet the needs of departments that are highly sensitive to security; network defense must rely on layered, diverse measures. At the same time, network environments are becoming more and more complex: equipment replacement, software upgrades and system patching keep adding to network administrators' workload, and an inadvertent oversight can create a serious security risk. Under these circumstances, intrusion detection systems have become a hot spot in the security market. Given the important role that intrusion detection technology plays in network security, research on it is of great significance.

This thesis studies network intrusion detection technology. It analyzes the implementation approaches and security performance of intrusion detection systems and presents the respective advantages and disadvantages of misuse detection and anomaly detection. To address the problems of traditional intrusion detection systems, it proposes applying data mining, honeypot and other technologies to intrusion detection systems, and studies data mining algorithms and how to apply them in intrusion detection systems. It examines the mechanism and implementation of the whole process, from network data collection, data preprocessing, construction of the training data set and data filtering through to generating intrusion detection rules with data mining techniques. On the basis of this research, a network-based intrusion detection system is designed; the thesis describes its structure and main functions, studies its application in a network control system, and carries out related experiments, whose results achieved the expected goals.

The thesis consists of six chapters. Chapter 1 briefly describes intrusion detection technology and the work done in this thesis. Chapter 2 introduces some concepts and techniques of intrusion detection. Chapter 3 introduces the concept of data mining, several commonly used mining algorithms, and the application of mining algorithms in intrusion detection. Chapter 4 mainly covers the design of the data collection and preprocessing system and how to use data mining techniques to generate intrusion detection rules. Chapter 5 covers the design and application of a network intrusion detection system based on data mining. Chapter 6 summarizes the work done and points out the focus and direction of future research.
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree granted]: 2005
[Classification number]: TP393.08
Article ID: 2332185