
Application and Research of Intrusion Detection Technology Based on the Data Mining Process

Applications and Research of Data Mining Process Based Intrusion Detection

【Author】 He Shiping

【Supervisor】 Hu Zhengming

【Author information】 Beijing University of Posts and Telecommunications, Applied Mathematics, 2008, Master's thesis

【Abstract (translated)】 Intrusion detection technology based on data mining is a hot area of network security research, and in distributed intrusion detection systems in particular the application of data mining is especially important. This thesis focuses on the data mining process of intrusion detection, starting from the modeling of the intrusion detection system and applying metadata theory, data fusion technology, decision support technology and fuzzy techniques. The data mining process is the main thread of the thesis. The thesis first uses metadata description to run through the data mining process of intrusion detection, applying metadata at every level of IDS data fusion, decision support and message exchange. Specifically, (1) metadata gives a normalized description of the data objects of the intrusion detection system, such as the network data protocol tree and packet feature attributes, intrusion detection rules and intrusion detection events; (2) on the basis of the above data processing (fusion), a decision support model for the intrusion detection system is defined and described with metadata; (3) taking into account communication between IDS components, and guided by the standardization work of the relevant international organizations, the Intrusion Detection Message Exchange Format (IDMEF) is redefined and described using metadata. Based on the above, the thesis proposes an intrusion detection model based on metadata description, MDBIDS. In MDBIDS the role of data fusion differs from that in Tim Bass's intrusion detection data fusion model: the narrow-sense data fusion process adopted in the thesis is better suited to linking and implementing situation assessment and threat assessment in an intrusion detection system. The thesis also studies the multi-expert (sensing unit) decision situations that arise in distributed intrusion detection using a special class of decision matrix, the fuzzy complementary judgment matrix, gives an algorithm for computing the ranking vector, and verifies it with a worked example. It should be noted that this algorithm is only an exploration of the multi-expert (sensing unit) decision situation and is not the algorithm used in the decision support module of MDBIDS. The thesis gives prototype implementations of the key modules of MDBIDS, which have engineering application value. Finally, the thesis describes some remaining shortcomings and directions for further research.

【Abstract】 Intrusion detection technology based on data mining is considered a hot domain of network security research. The application of data mining plays an important role especially in distributed intrusion detection systems. We focus on the data mining process of intrusion detection and start the work from the modeling of the intrusion detection system, applying metadata, data fusion technology, decision support technology and fuzzy technology to intrusion detection systems. Data mining is the main line of the paper, so we first use metadata description to run through the data mining process of intrusion detection; metadata can be applied to data fusion, decision support and the exchange of information at all levels. (1) The data objects in an IDS can be defined by metadata; for example, it describes the network data protocols and packet attributes, intrusion detection rules, and intrusion detection incidents. (2) A decision support model of the intrusion detection system is defined on the basis of the above-mentioned data processing (integration) and described with metadata. (3) Taking into account the communication between system components, the Intrusion Detection Message Exchange Format (IDMEF) is redefined and described under the guidance of the standardization work of the relevant international organizations. Based on the above, this paper provides a metadata-based model of intrusion detection, MDBIDS. In MDBIDS, unlike the role of data fusion in the Tim Bass intrusion detection data fusion model, the narrow data fusion is conducive to situation assessment and threat assessment in an intrusion detection system. The paper also uses a special kind of decision-making matrix, the fuzzy complementary judgment matrix, for multi-expert (sensing unit) decision-making situations in distributed intrusion detection. An algorithm for computing the ranking vector is provided and verified with an example. It should be pointed out that this algorithm addresses only the multi-expert (sensing unit) decision-making situation and does not represent the algorithm of the MDBIDS decision support module. In chapter V we give prototype implementations of several key modules of MDBIDS, which are of value for software engineering practice. In the last part, some open problems are put forward and future directions for research are proposed.

  • 【Classification number】 TP393.08
  • 【Citation count】 2
  • 【Download count】 261