
Research on Intrusion Detection Methods Based on Support Vector Machines and Bayesian Analysis (original Chinese title: 基于支持向量机和贝叶斯分析技术的入侵检测方法研究)

Research on the Techniques of the Intrusion Detection Based on SVM and Bayesian Analysis

[Author] 邬书跃

[Advisor] 樊晓平

[Author information] Central South University (中南大学), Computer Application Technology, 2012, PhD dissertation

[Abstract, translated from the Chinese] Intrusion detection is a network information security technique for detecting intrusive behaviour in computer network systems. In view of the development trends and application needs of intrusion detection, this dissertation focuses on key intrusion detection methods based on support vector machines (SVM) and Bayesian analysis, addressing the pressing need for both detection accuracy and speed. The main research work and contributions are:
(1) A method for intrusion detection with few labelled samples, using an SVM co-training model with a mutation factor. It makes full use of large amounts of unlabelled data: iterative training on the detection results of two classifiers improves the accuracy and stability of the detection algorithm, and introducing a mutation factor between co-training iterations reduces the chance that overfitting degrades the training result. Simulation experiments show that the detection accuracy of this method is 7.72% higher than that of the conventional SVM algorithm, and that it depends less on both the training and the test data sets.
(2) An SVM tri-training technique for intrusion detection with few labelled samples. It makes full use of large amounts of unlabelled data through iterative training on the detection results of three classifiers; it needs no cross-validation, so it applies more broadly and achieves higher accuracy. Simulation experiments show that its detection accuracy is 2.1% higher than that of SVM co-training, and that the advantage grows as the number of iterations increases.
(3) An efficient attack classification model consisting of three interacting components, which classifies the attacks detected by an intrusion detection system automatically and systematically; the classifier is trained with an improved Bayesian analysis technique. Anomaly-based intrusion detection systems are often limited by their inability to classify attacks, so attack classification has drawn considerable attention from security researchers. Simulation results show that the model improves substantially on both resource usage and attack classification accuracy.
(4) For the "performance versus accuracy" imbalance common to intrusion detection systems on today's high-speed networks, a two-layer model that identifies and filters out P2P traffic, which accounts for a large share of the traffic, before detection. The model combines a Bayesian-network algorithm that recognises traffic features within a single flow with an SVM algorithm that recognises behavioural features across multiple flows. Simulation experiments show that, compared with conventional recognition techniques based on traffic features, detection accuracy improves by 5.4% with good stability.

[Abstract] Intrusion detection is a network information security technique for detecting intrusions in computer network systems. Catering to the development trends and application demands of intrusion detection, this dissertation focuses on key intrusion detection techniques based on Support Vector Machines (SVM) and Bayesian analysis. The research and its main innovations are as follows.
(1) It proposes an SVM co-training model with mutation factors for intrusion detection on small labelled samples. Making full use of large amounts of unlabelled data, both the accuracy and the stability of the detection algorithm are improved through iterative training on the detection results of two classifiers. Introducing mutation factors between the iterations of co-training reduces the possibility that overfitting lowers the training effect. Simulation experiments show that the detection accuracy of this method is 7.72% higher than that of the traditional SVM algorithm and that it depends much less on both the training and the test data set.
(2) It also proposes SVM tri-training for intrusion detection on small labelled samples. Making full use of large amounts of unlabelled data, this approach is based on iterative training on the detection results of three classifiers. Cross-validation is not needed, so the scope of application is broader and the accuracy is higher. Simulation experiments show that the detection accuracy is 2.1% higher than that of SVM co-training and that the advantage becomes more apparent as the number of iterations increases.
(3) It proposes a highly efficient attack classification model consisting of three interacting parts that classifies the detected attacks automatically and systematically; a modified Bayesian analysis is used to train the classifier. Anomaly-based intrusion detection is often limited by its classification ability, which is why security researchers pay much attention to attack classification techniques. Simulation experiments show that both resource utilization and attack classification accuracy are much improved.
(4) To address the "performance versus accuracy" imbalance common to intrusion detection systems on high-speed networks, this dissertation proposes a two-layer model that recognises and filters out, ahead of detection, the P2P traffic that makes up a large proportion of the load. The model consists of a single-flow Bayesian network recognition algorithm based on traffic features within one flow and a multi-flow SVM recognition algorithm based on behavioural features across flows. Simulation experiments show that, compared with the traditional flow-feature-based recognition algorithm, detection accuracy improves by 5.4% with good stability.
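The few-shot schemes of contributions (1) and (2) and the Bayesian classifier of contribution (3) share one mechanism: a small labelled set, a large unlabelled pool, and classifiers that label each other's data. The block below is an added, self-contained Python example and is not the dissertation's code. It implements agreement-based tri-training in the style of Zhou and Li (three learners bootstrapped from the labelled set; each learner is retrained on the unlabelled flows the other two agree on; majority vote at decision time) with the error-rate gating of the original algorithm omitted as a simplification. The base learner is a hand-rolled Gaussian naive Bayes classifier standing in for the SVM, and the flow features, the three traffic profiles and all samples are constructed here, not taken from any dataset.

```python
"""Added demo of tri-training for few-shot intrusion detection (not the
dissertation's code). Three base learners are bootstrapped from a tiny labelled
set; each round, learner i is retrained on the unlabelled flows that the other
two learners agree on; the final decision is a majority vote. The base learner
is a hand-rolled Gaussian naive Bayes classifier standing in for the SVM."""
import math
import random
from collections import Counter
from statistics import mean, pvariance

# Constructed flow features: (mean bytes per packet, packets per second, SYN ratio).
# The (mean, std) profiles are assumptions meant to look like benign traffic, a
# port scan and a SYN flood; they are not taken from any real dataset.
PROFILES = {
    "normal": ((600, 150), (20, 8), (0.05, 0.03)),
    "scan":   ((60, 20), (200, 50), (0.90, 0.05)),
    "flood":  ((80, 25), (2000, 400), (0.50, 0.10)),
}


def make_split(seed=7, n_labeled=3, n_unlabeled=50, n_test=30):
    """Draw synthetic (x, label) rows per class: labelled, unlabelled (x only), test."""
    rng = random.Random(seed)
    labeled, unlabeled, test = [], [], []
    for label, feats in PROFILES.items():
        rows = [(tuple(rng.gauss(mu, sd) for mu, sd in feats), label)
                for _ in range(n_labeled + n_unlabeled + n_test)]
        labeled += rows[:n_labeled]
        unlabeled += [x for x, _ in rows[n_labeled:n_labeled + n_unlabeled]]
        test += rows[n_labeled + n_unlabeled:]
    return labeled, unlabeled, test


class GaussianNB:
    """Minimal Gaussian naive Bayes: per-class, per-feature mean and variance."""

    def fit(self, X, y):
        X, y = list(X), list(y)
        self.classes = sorted(set(y))
        # A variance floor taken from the whole training set stops a class seen
        # only two or three times from collapsing to a near-zero variance.
        floor = [1e-2 * pvariance([x[f] for x in X]) + 1e-9 for f in range(len(X[0]))]
        self.prior, self.stats = {}, {}
        for c in self.classes:
            rows = [x for x, lab in zip(X, y) if lab == c]
            self.prior[c] = len(rows) / len(X)
            self.stats[c] = [(mean(col), max(pvariance(col), floor[f]))
                             for f, col in enumerate(zip(*rows))]
        return self

    def predict(self, x):
        best, best_lp = None, -math.inf
        for c in self.classes:
            lp = math.log(self.prior[c])  # log prior + sum of Gaussian log-densities
            for xi, (mu, var) in zip(x, self.stats[c]):
                lp -= 0.5 * math.log(2 * math.pi * var) + (xi - mu) ** 2 / (2 * var)
            if lp > best_lp:
                best, best_lp = c, lp
        return best


def tri_train(labeled, unlabeled, rounds=5, seed=1):
    """Agreement-based tri-training; the error-rate gating of the original
    Zhou and Li algorithm is omitted (a simplification of this demo)."""
    rng = random.Random(seed)
    classes = sorted({lab for _, lab in labeled})
    by_class = {c: [r for r in labeled if r[1] == c] for c in classes}

    def bootstrap():  # resample within each class so every learner sees every class
        return [rng.choice(by_class[c]) for c in classes for _ in by_class[c]]

    base_sets = [bootstrap() for _ in range(3)]
    models = [GaussianNB().fit(*zip(*s)) for s in base_sets]
    pseudo_per_round = []
    for _ in range(rounds):
        new_models, added = [], 0
        for i in range(3):
            j, k = [m for m in range(3) if m != i]
            # Pseudo-label each unlabelled flow on which the other two learners agree.
            pseudo = [(x, pj) for x in unlabeled
                      for pj in [models[j].predict(x)] if pj == models[k].predict(x)]
            added += len(pseudo)
            new_models.append(GaussianNB().fit(*zip(*(base_sets[i] + pseudo))))
        models = new_models
        pseudo_per_round.append(added)
    return models, pseudo_per_round


def vote(models, x):
    """Majority vote across the three learners (ties go to the first learner)."""
    return Counter(m.predict(x) for m in models).most_common(1)[0][0]


def accuracy(predict, test):
    return sum(predict(x) == lab for x, lab in test) / len(test)


def run_demo():
    labeled, unlabeled, test = make_split()
    baseline = GaussianNB().fit(*zip(*labeled))  # supervised only, 3 samples per class
    models, pseudo_per_round = tri_train(labeled, unlabeled)
    return {
        "n_labeled": len(labeled),
        "baseline_accuracy": accuracy(baseline.predict, test),
        "tri_accuracy": accuracy(lambda x: vote(models, x), test),
        "pseudo_labels_per_round": pseudo_per_round,
    }


if __name__ == "__main__":
    print(run_demo())
```

Run it as a script to compare the supervised baseline (nine labelled flows) with the tri-trained ensemble; `pseudo_labels_per_round` shows how much of the unlabelled pool the other two learners agreed on in each round. The constructed profiles are deliberately well separated, so the point to take away is the mechanism, not the accuracy figures; the dissertation's reported gains were measured on its own data with SVM base learners.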

  • [Online publication submitted by] Central South University (中南大学)
  • [Online publication year and issue] 2012, issue 12