Research on Intrusion Detection Based on Multiple Classifiers
Published: 2018-12-11 01:50
[Abstract]: With the rapid development and wide application of computer network technology, network security has attracted increasing attention. Quickly and accurately identifying both known attacks and the growing number of novel attacks has become the main problem facing intrusion detection systems (IDS). Compared with traditional intrusion detection techniques, pattern recognition methods, with their good inference ability, can support the recognition of unknown intrusion behavior that has not yet been described, and have injected new vitality into machine-learning-based intrusion detection. Traditional pattern recognition systems usually use a single classifier, so achieving the desired detection performance requires that classifier to discriminate well across all sample features, a requirement a single classifier can rarely satisfy. This thesis therefore applies multi-classifier combination to intrusion detection in order to improve the detection performance of the IDS. The main work is as follows: 1. Building on previous research, this thesis proposes a multi-classifier selection algorithm Based on Accuracy and Diversity Measure (BADM), which raises overall detection accuracy by selecting base classifiers with high classification accuracy and large mutual diversity for combination. Experiments on the KDD CUP99 dataset show that the proposed algorithm achieves good detection results: its overall accuracy is 0.3 percentage points higher than direct integration of all classifiers and higher than the result of the KDD CUP99 competition winner. 2. KDD CUP99 is currently the authoritative dataset in intrusion detection research. This thesis preprocesses it, including quantization of symbolic feature values, normalization and feature selection. Feature subsets chosen by different search methods are compared experimentally, a genetic-algorithm-based feature selection method is finally adopted, and the training and test sets needed for the experiments are obtained. 3. The widely used Snort intrusion detection system is improved by integrating the proposed BADM algorithm into Snort as a plug-in to raise Snort's detection performance. A Snort intrusion detection system based on multi-classifier combination is designed, and its overall architecture, the function of each module and the implementation method are described in detail. 4. A Snort and Netfilter/iptables linkage system based on multi-classifier combination is designed and implemented to address the shortcomings that an intrusion detection system cannot effectively block traffic and a firewall can only defend passively. The linkage system is tested, and system testing shows that it can resist basic attacks and provides dynamic defense. The design therefore meets the network security defense needs of small and medium-sized enterprises well and is of positive significance for building a network security defense system.
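The abstract describes BADM only at the level of "pick base classifiers that are both accurate and diverse, then combine them". The following is an added illustration, not code from the thesis: it implements a greedy selection of that kind over constructed prediction vectors from five hypothetical base classifiers on a twelve-record, three-class validation set, and compares the selected ensemble with direct integration of all learners. The diversity measure (pairwise disagreement rate), the weight `alpha`, the classifier names and the sample data are all assumptions made here; the thesis's exact measure is not given on this page.

```python
from collections import Counter

# Constructed validation labels: 12 KDD-style connection records, 3 classes.
Y_TRUE = ["dos"] * 4 + ["probe"] * 4 + ["normal"] * 4

def _with_errors(errors):
    """Prediction vector equal to Y_TRUE except at the given indices (constructed)."""
    return [errors.get(i, y) for i, y in enumerate(Y_TRUE)]

# Constructed base-classifier outputs: three correlated learners share the same
# mistakes, two others err on different records. Names are illustrative only.
BASE_PREDS = {
    "svm":  _with_errors({0: "normal", 4: "normal", 8: "dos"}),
    "knn":  _with_errors({0: "normal", 4: "normal", 8: "dos"}),
    "nb":   _with_errors({0: "normal", 4: "normal", 8: "dos"}),
    "tree": _with_errors({1: "probe", 9: "probe"}),
    "mlp":  _with_errors({2: "normal", 10: "dos"}),
}

def accuracy(pred, truth=Y_TRUE):
    return sum(p == t for p, t in zip(pred, truth)) / len(truth)

def disagreement(p1, p2):
    """Assumed diversity measure: fraction of samples where two classifiers differ."""
    return sum(a != b for a, b in zip(p1, p2)) / len(p1)

def majority_vote(preds):
    """Combine prediction vectors by plurality vote on each sample."""
    return [Counter(col).most_common(1)[0][0] for col in zip(*preds)]

def badm_select(preds, k, alpha=0.6):
    """Greedy accuracy-and-diversity selection (assumed scoring rule): seed with the
    most accurate learner, then add the one maximising
    alpha*accuracy + (1-alpha)*mean disagreement with the learners already chosen."""
    acc = {name: accuracy(p) for name, p in preds.items()}
    chosen = [max(acc, key=acc.get)]
    while len(chosen) < k:
        def score(name):
            div = sum(disagreement(preds[name], preds[c]) for c in chosen) / len(chosen)
            return alpha * acc[name] + (1 - alpha) * div
        rest = [n for n in preds if n not in chosen]
        chosen.append(max(rest, key=score))
    return chosen

def compare(k=3):
    """Accuracy of the BADM-selected ensemble versus direct integration of all learners."""
    selected = badm_select(BASE_PREDS, k)
    sel_acc = accuracy(majority_vote([BASE_PREDS[n] for n in selected]))
    all_acc = accuracy(majority_vote(list(BASE_PREDS.values())))
    return selected, sel_acc, all_acc

if __name__ == "__main__":
    print(compare())
```

On this constructed data the three correlated learners outvote the two independent ones whenever they share a mistake, so integrating all five scores 9/12, while the selected trio of accurate but mutually diverse learners corrects every record.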
[Degree-granting institution]: Beijing University of Posts and Telecommunications (北京郵電大學)
[Degree level]: Master's
[Year of degree]: 2014
[Classification number]: TP393.08
Article number: 2371634
Article link: http://sikaile.net/guanlilunwen/ydhl/2371634.html