
An Intrusion Detection System Based on Game Theory

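【Author】 Zhang Xueqiong (张雪琼)

【Advisor】 Hu Hanping (胡汉平)

【Author information】 Huazhong University of Science and Technology, Pattern Recognition and Intelligent Systems, 2006, Master's degree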

【Abstract】 With network security problems growing ever more severe, using an intrusion detection system to detect intrusions quickly and respond to them correctly is essential to protecting system and network resources. Traditional intrusion detection systems and models still have various deficiencies, and research on detection algorithms and decision mechanisms in particular needs to go deeper. Building an effective intrusion detection system that can prevail in the system-versus-system contest between network attack and defense is therefore an urgent need.

Because traditional intrusion detection systems require human intervention in both detection and control, and are inefficient as a result, this thesis proposes an intrusion detection system based on game theory. After an outlier detection algorithm automatically labels and filters the data, the system uses the inherently game-like relationship between network attacker and defender to weigh and assess the detector's classification results and arrive at a precise decision on how to respond to an intrusion.

For the detection algorithm, a distance-based outlier detection algorithm (the DBOM algorithm) is designed to overcome the high time complexity of traditional outlier detection algorithms. By selecting active data with high weights and reading the data in blocks, it greatly reduces running time compared with traditional algorithms and thus improves the detection efficiency of the intrusion detection system.

For the decision and control mechanism, a quantitative mathematical model of the decision and control process is established based on game theory. The model simulates the network attack process, assesses the loss an intrusion causes to the system, and weighs the costs of the two kinds of error (false alarms and missed detections) against the limited resources of the network system, so that it makes more precise response decisions and improves the overall efficiency of the intrusion detection system.

Experimental results for the outlier detection algorithm and the game-theoretic intrusion detection model show that the intrusion detection system based on game theory improves on traditional intrusion detection systems in both detection and decision-control efficiency.

  • 【Classification number】 TP393.08
  • 【Citation count】 3
  • 【Download count】 340