Study on Classification Algorithm of Intrusion Detection System

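【Author】 Guo Aiwei (郭爱伟)

【Advisors】 Chen Lichao (陈立潮); Ye Shuhua (叶树华)

【Author information】 North University of China (中北大学), Computer Application Technology, 2006, Master's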

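【Summary】 With the spread of computer network applications and the growing frequency of online business activity, the security of computer systems has become an increasingly prominent problem. An intrusion detection system (IDS) is an important part of the information security architecture. The growing prominence of computer security problems places higher demands on intrusion detection systems. However, traditional intrusion detection systems fall short in effectiveness, adaptability and extensibility. To address these shortcomings, this thesis takes a data-processing perspective and uses data mining methods to build models describing intrusion behavior from massive audit data. Classification rules are obtained through inductive learning and used as the tool for describing intrusion behavior. The thesis first briefly describes and categorizes the background of intrusion detection technology. It then discusses data mining and its application in intrusion detection. The main research direction is the construction of intrusion detection classification models, using data mining techniques to develop an automated, systematic method for constructing intrusion detection models. The focus is on a classification algorithm widely used in the intrusion detection field: the decision tree classification algorithm. A method for speeding up computation is given, and a multi-subset hierarchical decision tree algorithm is proposed for building the classification model; the algorithm is built mainly by combining the ideas of hierarchy and decision. The effect of feature attribute selection on classification performance is also studied. On the experimental data provided by KDD99, after preprocessing and feature attribute selection, the multi-subset hierarchical decision tree algorithm proposed in this thesis is used to build the classification model, yielding decision trees and classification rules for each class of intrusion behavior. This demonstrates that the classification model has good classification performance.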

【Abstract】 With the popularization of network-based computer systems and the increasing frequency of e-commerce, security issues have become more and more prominent. The intrusion detection system (IDS) plays an important role in the information security architecture. Computer crime is increasingly pressing and dangerous, which places urgent demands on the performance of IDS. However, current intrusion detection systems lack effectiveness, adaptability and extensibility. To address these shortcomings, this thesis takes a data-centric view of IDS and describes a framework for constructing intrusion detection models by mining audit data. Classification rules are inductively learned from audit records and used as intrusion detection models. The thesis first provides the background on IDS. It then covers data mining and its applications in intrusion detection. The focus is on the construction of classification models; the goal of this research is therefore to develop a framework that facilitates the automatic and systematic construction of IDS. The thesis studies an algorithm that is used extensively in the field of intrusion detection: the decision tree classification algorithm. It also provides a method to accelerate computation, and proposes building the classification model with a multi-subset hierarchical decision tree algorithm. This algorithm is constructed mainly by combining the ideas of hierarchy and decision. Constructing a proper set of features for the classification models is also a most important issue. Finally, the thesis describes the process of building multi-subset hierarchical classification models from data provided by KDD99, obtaining the decision trees and classification rules for all kinds of intrusion behaviors. This shows that the classification model has better classification results.

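  • 【Online publication contributor】 North University of China (中北大学)
  • 【Online publication year and issue】 2006, Issue 08
  • 【Classification number】 TP393.08
  • 【Times cited】 3
  • 【Downloads】 187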