The Research and Application of Support Vector Machine in Intrusion Detection System

【Author】 Zhang Baohua (张宝华)

【Supervisor】 Yu Qing (于青)

【Author information】 Tianjin University of Technology, Computer Application Technology, 2010, Master's

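【Abstract, translated from the Chinese】 Intrusion detection, as an active defense technology, compensates for the shortcomings of traditional security technologies. However, because intrusion methods are complex and diverse, no functional relationship between intrusion behavior and the data features of network connection information has been found to date, and machine learning is an effective method that attempts to approximate and estimate this functional relationship. Support vector machine (SVM) is a machine learning method built on statistical learning theory that handles problems such as limited samples, nonlinearity, high dimensionality and local minima well. Applying SVM to intrusion detection can achieve good detection performance. Based on an in-depth study of SVM theory and its applications, this thesis proposes an SVM-based classifier model, refines it, and applies it to intrusion detection. In combination with the CIDF structure for intrusion detection, it further proposes an SVM-based intrusion detection system model, which mainly comprises a network data capture module, a network connection information extraction module, a data preprocessing module, an SVM training module, an SVM support vector library, an event log library, and an output and response module, and it describes the function of each module. Based on an in-depth study of the various SVM algorithms and of kernel function selection, this thesis improves existing algorithms, selects different kernel functions and tunes parameters to achieve the best classification result, implements both two-class and multi-class SVM classification, and verifies the superiority of the algorithm on existing data. This thesis uses statistical methods such as principal component analysis and factor analysis to reduce the dimensionality of the original data and, on that basis, proposes a new feature extraction and selection method, namely one based on adaptive feature weighting, and applies it to the extraction and selection of data features. This thesis combines the two algorithms, SVM and feature selection based on adaptive feature weighting, and uses them for intrusion detection. Experiments show that, for both two-class and multi-class classification, the new algorithm clearly improves classification accuracy, while training time and testing time also improve to varying degrees, especially training time, which greatly improves system performance. In addition, adaptive feature weighting performs factor analysis on the training data samples and obtains the feature weighting coefficients directly, which changes the previous situation of choosing parameters by trial and is simple and easy to carry out.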

【Abstract】 An intrusion detection system (IDS), which is an active defense technology, fills a gap left by classical defense systems. However, because of the complexity and variety of intrusions, the functional relation between intrusion and the data features of network link information has not yet been found. Machine learning is what tries to approximate this functional relation. Support vector machine (SVM) is a learning machine based on statistical learning theory. It can solve many problems, such as limited samples, nonlinear spaces, high dimensionality, local extrema and so on. We apply SVM to IDS, and it achieves a better detection effect. Based on in-depth research into support vector machine theory and its applications, we present a classification model based on SVM, improve this model, and apply it to IDS. In combination with the CIDF structure of IDS, we further present an IDS model based on SVM. This model includes a network data capture module, a network link information module, a data preprocessing module, an SVM training module, an SVM support vector base, an event log base and a response module. Based on in-depth research into a series of SVM algorithms and kernel function selection, we improve existing algorithms, select suitable kernel functions and adjust parameters to obtain the best effect. We then accomplish SVM binary classification and multi-class classification, and carry out experiments that prove the superiority of SVM classification using the KDD CUP'99 data set. In this paper we perform dimension reduction on the original data with suitable statistical methods, such as principal component analysis and factor analysis. On this basis, we present an adaptive feature weighted SVM and apply it to data feature selection. In this paper we combine the two algorithms and put them into our model. Experimental results show that detection precision has risen obviously; meanwhile, the training time and the test time have also improved to varying degrees for both binary classification and multi-class classification. In particular, the training time has been reduced sharply, and the system performance has improved accordingly. On the other hand, adaptive feature weighting, by performing factor analysis on the training data samples, obtains the feature weighting factors directly. It changes the situation of choosing parameters by trial, so it makes the process simple.
