Research on Network Intrusion Detection Systems

The Research of Network Intrusion Detection

【Author】 王明生

【Supervisor】 王艳清

【Author information】 北京化工大学 (Beijing University of Chemical Technology), Computer Application Technology, 2011, Master's thesis

【Abstract (translated)】 This thesis treats the network intrusion detection system as an important means of addressing computer network security. After the data set is preprocessed (numericalization, normalization and so on), a feature extraction algorithm is used to extract intrusion features from the training set. On that basis, the thesis focuses on classifying samples with classification and clustering algorithms. A network packet capture and analysis system lets the intrusion detection system update itself. The thesis analyses the security challenges facing computer networks and proposes using an intrusion detection system to address them. It then describes in detail the concept, architecture and development trends of network intrusion detection systems, and adopts the NSL_Data data set as the training and test sample set. After the training samples are standardized, feature extraction algorithms under different models are studied and compared; the Relief algorithm is used to evaluate how well each intrusion feature distinguishes the sample classes, and an optimal feature subset is selected according to a weight condition, reducing the dimensionality of the intrusion features. A decision tree model is used to classify the samples. A one-class classifier based on the least squares support vector machine classifies normal and abnormal samples quickly and accurately, which greatly reduces the sample load on the maximum-distance-based multi-membership fuzzy C-means algorithm and achieves fast convergence and correct classification of the abnormal samples. The network packet capture and analysis system captures packets on the local area network in real time according to user-defined policies. After the packets are analysed and information is extracted, network connections are converted into standard training samples and stored in a database, keeping the database continuously updated and complete. At regular intervals the new samples in the database are used to retrain the intrusion detection system, continually adjusting and updating it so that it can recognise new attack classes and make up for its shortcomings, thereby maintaining the system's classification accuracy. Experiments on the test data set show that the network intrusion detection system based on fuzzy support vector machines has high detection efficiency and accuracy and can meet the real-time detection requirements of massive data. Developing the system in Java reduces its platform dependence.

【Abstract】 This paper treats the network intrusion detection system as the most important means of ensuring the security of the Internet. After numericalization and normalization, it uses various feature extraction methods to reduce the dimension of the intrusion features. It then focuses on classification and clustering models to divide the samples into different categories. Finally it designs a real-time network data acquisition and analysis model so that the system can update itself. The paper discusses the current challenges in computer security and proposes the network intrusion detection system as a way to address them. It then introduces the concept, architecture and development trends of such systems in detail and uses the data set named NSL_DATA as the training and testing data set. After standardizing the data set, the paper applies the Relief algorithm to reduce the dimension of the intrusion features and the complexity of the training data set: according to each feature's ability to distinguish the types of the training samples, it estimates a metric for the features and extracts those that satisfy the condition as the best feature subset. Using the decision tree model, a one-class classifier based on the least squares support vector machine can distinguish normal and abnormal training samples quickly and precisely, which greatly reduces the data pressure on the fuzzy c-means model and thereby improves the classification accuracy and convergence of the abnormal samples. The data acquisition and analysis model can capture network packets in real time and analyze and extract information from them according to a customized strategy.
After that, the model transforms network connections into standard training data and stores them in the database to keep the data updated and complete, so that the intrusion detection system can be retrained at regular intervals, adjusting and updating itself in order to recognize new attacks and fill its gaps, raising the classification accuracy. Experiments on the testing data set show that the network intrusion detection system based on FSVM meets the requirements of real-time processing of huge data volumes and has greatly improved efficiency and classification accuracy. The system is developed in Java, which reduces platform dependence.
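The Relief feature selection step the abstract describes, as an added example that is not code from the thesis: it min-max normalizes a few constructed connection records (field names and values are assumptions, not NSL-KDD data), scores each feature by how well its nearest-hit/nearest-miss differences separate normal from anomalous records, and keeps the features whose weight meets a threshold.

```python
from typing import Dict, List, Tuple

Record = Tuple[List[float], str]  # (feature vector, class label)
# Constructed sample records, not NSL-KDD data: per-connection
# (duration, src_bytes, num_failed_logins), labelled normal or anomaly.
FEATURE_NAMES = ["duration", "src_bytes", "num_failed_logins"]
RAW_RECORDS: List[Record] = [
    ([0.0, 100.0, 0.0], "normal"),
    ([10.0, 200.0, 1.0], "normal"),
    ([0.0, 1000.0, 3.0], "anomaly"),
    ([10.0, 1100.0, 2.0], "anomaly"),
]

def min_max_normalize(records: List[Record]) -> List[Record]:
    """Scale each feature into [0, 1] so no field dominates the distance;
    a constant feature (zero range) maps to 0.0 rather than dividing by zero."""
    n_feat = len(records[0][0])
    lo = [min(vec[i] for vec, _ in records) for i in range(n_feat)]
    hi = [max(vec[i] for vec, _ in records) for i in range(n_feat)]
    return [([(v - lo[i]) / (hi[i] - lo[i]) if hi[i] > lo[i] else 0.0
              for i, v in enumerate(vec)], label) for vec, label in records]

def relief_weights(records: List[Record]) -> List[float]:
    """Relief: for each record x, find its nearest hit (same class) and nearest
    miss (other class) by Manhattan distance, then update
    W[f] += (diff(f, x, miss) - diff(f, x, hit)) / n. Every record is visited
    once (no random sampling) so the result is deterministic."""
    n_feat = len(records[0][0])
    weights = [0.0] * n_feat
    for idx, (x, label) in enumerate(records):
        hit = miss = None  # (distance, vector) of the closest hit / miss so far
        for j, (y, ylabel) in enumerate(records):
            if j == idx:
                continue
            dist = sum(abs(a - b) for a, b in zip(x, y))
            if ylabel == label and (hit is None or dist < hit[0]):
                hit = (dist, y)
            elif ylabel != label and (miss is None or dist < miss[0]):
                miss = (dist, y)
        if hit is None or miss is None:
            continue  # a class with a single member has no hit/miss pair
        for f in range(n_feat):
            weights[f] += (abs(x[f] - miss[1][f]) - abs(x[f] - hit[1][f])) / len(records)
    return weights

def select_features(records: List[Record], threshold: float) -> Dict[str, float]:
    """Normalize, weight with Relief, keep features whose weight meets the threshold."""
    weights = relief_weights(min_max_normalize(records))
    return {FEATURE_NAMES[f]: w for f, w in enumerate(weights) if w >= threshold}
```

On the constructed records `duration` alternates independently of the label and so receives a negative weight, while `src_bytes` and `num_failed_logins` score positively and survive a threshold of 0.2.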
