Research and Implementation of Clustering Algorithms in Mobile Phone Virus Intrusion Detection

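【Author】 Fan Mao (范茂)

【Advisor】 Song Junde (宋俊德)

【Author information】 Beijing University of Posts and Telecommunications, Computer Technology, 2012, Master's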

【Abstract】 With the development of information and communication technology and growing user demand for applications, the mobile phone has evolved from a simple communication tool (the traditional "da ge da") into an intelligent terminal that integrates entertainment, office work and communication. Smartphones run an independent operating system on which third-party software can be installed and used, so the phone no longer offers only simple voice and text message services: it now integrates short-range wireless transmission, multimedia messaging, mobile Internet access, mobile office, audio and video entertainment and simple image processing, and has in effect become a mobile PC. While users enjoy the convenience and fun that this intelligence brings, virus intrusions and destructive behaviour targeting smartphones are also increasing, with a serious negative impact on users' communication security and user experience. Mobile anti-virus technology lags behind the pace at which viruses are updated, so there is an urgent need to apply the experience and techniques accumulated in computer anti-virus work to the study of mobile phone viruses. The research and implementation of intrusion detection for mobile phone viruses presented in this thesis is proposed against this background. The thesis first describes in detail the characteristics and operating principles of mobile phone viruses and analyses the feasibility of applying clustering algorithms to intrusion detection. It then proposes, based on the characteristics of mobile phone viruses, an incremental hierarchical clustering algorithm based on learning from abnormal data. This is an agglomerative hierarchical clustering algorithm that uses designated representative points to represent the actual data in each cluster, together with a shrinkage factor that controls the distribution of the representative points. This approach represents irregular data distributions effectively and also adapts well to anomalous data points.

The innovation of the algorithm is that it can use newly arriving abnormal data to correct the clusters produced by earlier modelling, which gives the algorithm a self-learning capability. Building on the earlier modelling results, it adds the latest virus feature data to the virus signature library. This also addresses a shortcoming of hierarchical clustering, namely that once a step has been completed, the data in a cluster can no longer be changed. To meet the application requirements of mobile phone virus intrusion detection, and building on and improving previous research, the thesis proposes "the incremental hierarchical clustering algorithm based on learning abnormal data", abbreviated ICLAD. The algorithm meets the needs of mobile phone virus detection well, and its ideas guided the design and development of an intrusion detection system for mobile phone viruses. The system is deployed on the core-network side of the mobile communication system. It models and learns from the vast amounts of mobile phone communication data obtained from the network to derive feature libraries for normal data and virus data, and then uses these feature libraries to inspect network data and find abnormal data, providing users with a safe and reliable communication environment. System test results show that the system can effectively derive rules from data without class labels, and that testing data against these rules achieves good detection results.

  • 【Classification code】TN929.53; TP309.5
  • 【Times cited】1
  • 【Downloads】181