Network Intrusion Detection Based on Support Vector Machine

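【Author】 Liu Shengli (刘胜利)

【Advisor】 Jia Chuanying (贾传荧)

【Author Information】 Dalian Maritime University, Traffic Information Engineering and Control, 2004, Master's degree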

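【Abstract (translated from the Chinese)】 With the development of computer network technology, computer networks have also been widely applied in the transportation field. The spread and application of computer networks place higher demands on network security. Intrusion detection, as an important part of network security research, has attracted wide attention at home and abroad. Traditional intrusion detection methods suffer from false positives, false negatives, and poor real-time performance; in particular, they need large amounts of, or complete, training data to reach reasonably good detection performance, and their training time is long. Research on intrusion detection methods that can correctly extract the features of the training data from small samples, and whose resulting models generalize well, therefore has important theoretical and practical significance. By analyzing some of the problems with the detection methods used in current intrusion detection systems, and drawing on the characteristics of the support vector machine classification algorithm, this thesis applies the support vector machine as a detection method in the field of network intrusion detection. Through analysis of the classification performance of the traditional support vector machine algorithm, and in order to solve the problem that the traditional support vector machine generates duplicate support vectors, this thesis proposes an auto-weighted support vector machine, the AW-SVM (Auto-Weighted SVM) algorithm, an improvement on C-SVM. Considering the characteristics of C-SVM and the fact that, in intrusion detection, detecting attacks is more important than detecting normal data, the thesis proposes the WC-SVM (Weighted C-SVM) algorithm, which weights important classes and samples during training and thereby reduces the likelihood of misclassifying important samples. Because network data is singular data, the thesis also modifies the kernel function used in the classification algorithm to make it better suited to detecting network data. Based on the improved support vector machine algorithms and kernel function, the thesis designs and implements a support-vector-machine-based intrusion detection classifier and tests its effectiveness. The test results show that the improved algorithms train and classify very quickly, with each record processed in milliseconds, and that their accuracy is high, generally higher than that of ordinary classification algorithms. The results also show that the support vector machine algorithm has strong learning ability, works well on new intrusion methods, can detect unknown attacks, and has good self-learning ability.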

【Abstract】 With the development of computer network technology, computer networks have been extensively used in the transportation field. With the popularization and application of computer networks, more and more attention is being focused on network security, and the IDS, as one of the most important topics in network security, has attracted attention from all over the world. There are many defects in traditional intrusion detection methods, such as false negatives and false positives, and these methods need large amounts of training data and a long time to get good detection performance. So it is meaningful to find a method that can detect attacks using a small amount of training data in a short time. Through the analysis of current intrusion detection methods and the characteristics of the support vector machine (SVM), this paper tries to apply SVM as the classification method in the network intrusion detection field. By analyzing traditional C-SVM, we found that it is over-dependent on every training sample, even if the samples are duplicated many times. This dependence results in more training time and more support vectors, and more support vectors result in more time for classifying new samples. In order to overcome this dependence, we propose AW-SVM (Auto-Weighted Support Vector Machine). Considering that C-SVM does not take into account the different importance of training samples, we propose a WC-SVM algorithm, which introduces weight factors for classes and importance factors for training samples into C-SVM and decreases the probability of misclassifying important samples. Taking the characteristics of network data into account, we revised the kernel function of SVM. Based on the changed algorithm and kernel, we designed an SVM-based classifier for intrusion detection and tested it. Experiments show that the speed of training and classifying is very high, and that the classifier is well suited to network intrusion detection.

  • 【Classification No.】TP393.08
  • 【Times Cited】15
  • 【Downloads】261