基于计算智能的自主网络入侵检测方法研究

【作者】 郑凯元；

【导师】 叶茂；

【作者基本信息】 电子科技大学 ， 软件工程， 2009， 硕士

【摘要】 近年来随着网络技术的迅速发展,网络信息系统在社会各个领域都发挥着巨大的作用,然而网络攻击和风险也随处可见,攻击手段也越发复杂多样。防火墙等静态或者定期更新的防御手段已经不能确保网络信息的安全,网络安全问题成为人们关心的焦点。联网计算机迫切需要一种及时有效的方法来检测并避免网络风险。入侵检测技术作为一种主动的,能够及时发现、阻止网络风险的有效手段,正在被越来越多的人所关注。入侵检测系统(Intrusion Detection System, IDS)的发展也非常迅速,对网络安全的进步做出了巨大的贡献。但是目前很多IDS都是基于规则检测,他们能非常准确地检测出已知入侵,但是对于新型的攻击或者异常却很难检测。因此,研究并开发出一种能检测出新型攻击的入侵检测系统对推进网络安全的发展有着重大的意义。基于上述背景,本文对近年来的入侵检测技术的发展进行了研究,重点研究了基于序列模式挖掘的入侵检测以及网络发布算法。提出了一种具有自我学习能力的基于计算智能的自主网络入侵检测方法,并取得了一定成果。文章主要内容包括:1、在纯净网络环境下对网络数据流进行采样并提取正常的数据请求序列,对数据请求序列进行分类,提取出正常频繁情景规则。在混杂网络环境下,提取数据流中的频繁情景规则,并采用滑动窗口方法来进行规则匹配,找出异常行为。2、利用群集智能方法计算对异常行为的异常指数,并提取异常特征序列疫苗。利用网络发布算法对自主网络发布疫苗。采用人工免疫学中的克隆、变异、进化产生相应的抗体,抗体在系统中存在固定的生存周期,分别是未成熟时期,成熟时期和记忆时期。本文在KDDCUP99数据集上进行仿真实验,实验结果表明在特定环境下,本文方法能够对部分新型攻击的检测率能达到60%以上。更多还原

【Abstract】 In recent years, with the rapid development of network technology, network plays an enormous role in our lives, however, network risk and network attacks can be seen everywhere. With the development of networks, attacks have also become increasingly complex and diversified. Traditional network security technology, such as firewall, can not ensure the safety of confidential information in networks. How to protect information in networks becomes the focus of the research. As a pro-active and effective method, Intrusion Detection Technology is being more and more emphasized.Intrusion Detection System (IDS) has been developing rapidly, a lot of tremendous contributions have been made to the safety of the network. However, most of current IDS are rule-based detection, they can detect known intrusion accurately, but it is difficult to detect new type of abnormalities. Therefore, the research of developing a new Intrusion Detection System, which can detect new type of intrusions, is of great significance.On the basis of above background, we have studied and analyzed the intrusion detection technology in recent years, and focused on data-mining and information spreading technology. Finally, a new method of intrusion detection based on Computational Intelligence was presented in this paper. It is proved effective on specific environment. Main content of this paper are:1. Get the network service sequence from a pure network environment, and classify network service sequence to extract the normal characteristics of the frequent episode rules. In the promiscuous environment, extract frequent episode. Find out the abnormal behaviors by using a sliding window approach on the sequence.2. Identify the abnormal behavior and calculate the abnormal score by using swarm intelligence methods. Extract the signature of the abnormal sequence and release to other nodes in the local networks. Artificial Immune technology is used for managing the existed signature in system.At last, simulation experiment is carried out on the data sets of KDDCUP99. Experiment result shows about 60% of the new attacks in dataset can be recognized.更多还原