
Research of Feature Extraction Method and Realization in Intrusion Detection System

【Author】 Liu Wanfang

【Advisor】 Huang Shengye

【Author information】 Hunan University, Computer Applications, 2007, Master's

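【Abstract (translated from the Chinese)】 With the rapid development of the Internet, hacker attacks have become increasingly rampant and network security problems increasingly severe. According to statistics, a hacking incident occurs somewhere in the world almost every 20 seconds, and in the United States alone the resulting economic losses exceed 10 billion US dollars per year; network security has therefore become a focus of public attention. Current techniques for achieving network security include intrusion detection, firewalls and secure routers. Because intrusion detection recognizes known intrusions of all kinds comparatively well, it has become an important component of the P2DR (Policy, Protection, Detection, Response) security model and is one of the core techniques of dynamic security. Since Anderson proposed the intrusion detection model in the 1980s and SRI designed and successfully implemented the well-known IDES (intrusion detection system) in the mid-1980s, intrusion detection technology has developed considerably. However, with the rapid development of network technology and the growing demand for real-time information transfer, intrusion detection still faces many problems, such as a low detection rate, a high false-negative rate, and detection speeds that cannot keep up with high-speed networks. To address the problems of current intrusion detection systems, researchers are studying how to use machine learning methods and data mining techniques to make intrusion detection intelligent. This thesis concentrates on two key technologies in intelligent intrusion detection: feature extraction and data classification based on data mining.

1. For intrusion detection feature extraction, methods based on Principal Component Analysis (PCA) and Kernel Principal Component Analysis (KPCA) were studied. Extensive comparative experiments on the KDDCUP99 intrusion detection dataset show that the dimensionality of the data after KPCA is only half of that after PCA, and that the detection rate also improves by nearly 3 percentage points.

2. The problems of current intelligent intrusion detection systems were studied, and data mining techniques were applied to the intrusion detection system. The thesis discusses the principles of intrusion feature extraction based on the Apriori algorithm and CAEP (Classification by Aggregating Emerging Patterns) and, together with the ORACLE9i data mining engine, analyzes the basic mathematical models it builds for classification, prediction and association, as well as access to the building and scoring functions of these models through a Java-based API.

3. A prototype of a network-based intrusion detection system that is built on data mining algorithms and integrates neural networks was designed. Using data mining algorithms in the engine of the intrusion detection system not only raises the system's detection rate; because the data mining algorithms used are self-learning, it also makes intrusion detection intelligent.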

【Abstract】 With the rapid development of the Internet, hackers' attacks are becoming more and more severe, and Internet security defense has become a serious concern. It is estimated that a hacker incident takes place every 20 seconds within the U.S.A. alone, and the total economic loss caused by such attacks amounts to more than one thousand billion U.S. dollars a year. Internet security has become a focus of public concern. At present, Internet security technology includes intrusion detection technology, firewalls, security routers and so on. Among them, intrusion detection systems (IDSs) have a relatively good ability to identify various sorts of intrusions, so the IDS has become a main part of the P2DR (Policy, Protection, Detection, Response) security model. From Anderson's conceptual intrusion detection model in the 1980s and SRI's design and successful implementation of the famous IDES to today's IDS products, intrusion detection technology has made great progress, but it still has defects and disadvantages such as a low detection rate for novel attacks, a high frequency of false alarms, etc. To solve this difficult problem in intrusion detection, the use of machine learning and data mining techniques in intelligent IDSs has become a hot topic in the literature. This dissertation focuses on feature extraction and automatic data classification based on machine learning in intelligent IDSs.

1. Feature extraction methods based on Principal Component Analysis (PCA) and Kernel Principal Component Analysis (KPCA) are studied. A large number of intrusion detection experiments with the KDD-CUP99 dataset are conducted, and the results demonstrate that the data dimension using KPCA is half of that using PCA and that the detection rate of KPCA is improved by 3 percent.

2. The problems in intelligent intrusion detection are studied, and data mining is adopted in the intrusion detection system. The principles of the Apriori algorithm and CAEP and their use in feature extraction for intrusion detection are presented. Together with the ORACLE9i data mining engine, the basic mathematical models it builds for classification, prediction and association are analyzed, as well as how to access the building and scoring functions of these models through Java-based APIs.

3. A system architecture based on data mining and ensemble learning is designed for intelligent intrusion detection systems, so that a higher detection rate and learning efficiency can be obtained by using the self-learning function of neural networks.

  • 【Online publication contributor】 Hunan University
  • 【Online publication year/issue】 2008, Issue 05
  • 【Classification number】 TP393.08
  • 【Times cited】 3
  • 【Downloads】 517