Research and Implementation of a Network Intrusion Detection System Based on Distributed Architecture
[Abstract]: With the continuous development of Internet technology and its wide use in various fields, network security issues have become particularly prominent and important. Traditional network protection relies mainly on passive defenses such as firewalls and access control, which struggle to cope with increasingly complex intrusion behavior. Intrusion detection, as an active-defense network security technology, can quickly identify intrusion behavior and issue a warning response, and it is suitable for different network environments. However, intrusion methods are difficult to detect before they become known, resulting in underreporting of attacks, which brings hidden dangers to network security. This paper combines distributed architecture and data mining technology to enhance the accuracy, effectiveness, processing ability and prediction ability of intrusion detection. First, the commonly used intrusion detection models, technology classifications and architectures are introduced, and their advantages and disadvantages are analyzed and compared. The paper also expounds data preprocessing in data mining, and the principles and workflow of classification analysis and clustering analysis and their application in intrusion detection. In view of the problems and shortcomings of existing intrusion detection systems, this paper designs a network intrusion detection system based on distributed architecture, and gives the detailed design and implementation of each functional module. The system consists of a main control node server and a number of detection agent nodes. Each detection agent node is responsible for inspecting the data flow in its own domain according to its local detection rules. When unknown behavior is detected, it is passed to the master node server for prediction. The format of the messages exchanged between the nodes is also defined.
Based on the distributed system architecture and the idea of outlier mining, a fully supervised membership classification algorithm (DFMCA) for a distributed environment is designed, which gives the IDS the ability to predict unknown behavior quickly. It does not affect the normal operation of the detection module and is expected to achieve higher accuracy than existing classification algorithms. Finally, testing of each module shows that the system has strong processing ability, prediction ability, flexibility and extensibility, and effectively reduces the false alarm rate. An analysis of the results and the prospects for future work on this subject are also given.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2365238
Article link: http://sikaile.net/guanlilunwen/ydhl/2365238.html