Research on Intrusion Detection System Based on Chaotic Time Series and SVM
【Author】 王金林;
【Supervisor】 戴居丰;
【Author information】 Tianjin University, Communication and Information Systems, 2010, PhD
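【Summary】 Given the increasingly frequent distributed, multi-target, multi-stage combined network attacks, and the unknown security problems that the next-generation Internet may bring, improving the detection efficiency and intelligence of intrusion detection systems is imperative. This thesis systematically studies the basic theory and general methods of chaotic time series analysis and proposes applying them to predict the chaotic time series of alarm information, successfully applying chaos techniques to intrusion detection systems. The features in the signature database are optimized and updated according to the predicted alarm time series, which not only improves the system's efficiency in identifying attacks that correspond to existing features, but also allows many variants of the same attack method, as well as entirely new attack packets, to be identified by predicting new features. The thesis studies support vector machine theory and its applications in depth, proposes a support vector machine classifier, implements both two-class and multi-class SVM classification, applies the classifier to intrusion detection, and builds an SVM-based intrusion detection model. Taking the characteristics of network traffic anomaly detection into account, it discusses the feature selection problem for anomaly detection, proposes representative feature parameters such as traffic symmetry, protocol distribution, abnormal packet statistics and packet length statistics, and describes the data preprocessing method. Experimental results show that the SVM-based network anomaly detection method effectively detects various high-intensity scanning behaviors while keeping a low false alarm rate. The thesis also studies feature analysis theory in detail and proposes a new feature selection method based on adaptive feature weighting, which is used to extract intrusion features. Combining attribute selection with SVM classification effectively reduces the time and space complexity of the algorithm and removes the earlier need to find parameters by trial. Experimental results show that classification accuracy improves markedly, training time improves markedly, and testing time is also effectively reduced, so that the model can respond quickly, effectively improving the accuracy and real-time performance of the intrusion detection system.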
【Abstract】 In view of the unknown security issues that the next-generation Internet may encounter, as well as the increasingly frequent distributed, multi-target, multi-stage network attacks confronting us today, it is imperative to enhance the detection efficiency and intelligence of intrusion detection systems. With the development of chaos theory and research on its applications, nonlinear time series analysis has become a major research hotspot in nonlinear information processing and has been widely applied in related engineering fields. After a deep and systematic study of the basic theories and general methods of chaotic time series analysis, we propose using chaotic time series analysis to predict alarm information, by which chaos technology is successfully applied to intrusion detection systems. The eigenvectors can then be optimized and updated according to the prediction of the alarm information chaotic time series. This not only improves the efficiency of identifying attacks that match existing eigenvectors; many variations of the same attack method, as well as new attack packets, can also be identified by predicting new eigenvectors. After a deep study of the basic theory and applications of the Support Vector Machine, we present a classification model based on SVM and implement SVM binary classification and multi-class classification. Applying it to IDS, we build an intrusion detection model based on SVM. In combination with the characteristics of network traffic anomaly detection, we study the problem of feature selection in anomaly detection and propose representative characteristic parameters of network traffic, such as symmetry, protocol distribution, abnormal packet statistics and packet length statistics, and we describe the data pre-processing method. The experimental results show that network anomaly detection based on SVM can not only detect a variety of high-intensity scanning behaviors effectively, but also has a lower false alarm rate (FAR).
Studying feature analysis techniques, we present a new feature selection method based on adaptive feature weighting and apply it to intrusion feature selection, combining feature selection with SVM classification. The method reduces time complexity and space complexity and improves on the earlier practice of finding parameters by trial. The experimental results show that detection precision rises markedly, while training time and test time are also improved. The model is able to respond quickly, effectively improving the accuracy and real-time performance of the intrusion detection system.
【Key words】 intrusion detection; phase space reconstruction; correlation dimension; SVM; kernel function; feature selection;