
Research and Design of an Intrusion Detection System Based on Clustering and Protocol Analysis (original title: 基于聚类和协议分析的入侵检测系统的研究与设计)

Research and Design of Intrusion Detection Based Clustering and Protocol Analysis

【Author】 莫乐群

【Supervisor】 姚国祥

【Author information】 暨南大学 (Jinan University), Computer Application Technology, 2006, Master's

【Abstract (translated from Chinese)】 Today, as network security problems become increasingly prominent, how to use a data-mining-based intrusion detection system to discover various kinds of intrusion behaviour quickly and effectively is very important for securing systems and network resources. Unsupervised anomaly detection methods, represented by clustering, can find anomalous records in unlabeled data sets; they overcome the shortcomings of traditional data mining methods by automating the labeling of data sets and the intrusion detection modeling process, and have become a powerful tool for intrusion detection. However, data mining techniques lag behind events: they cannot judge intrusion behaviour in real time, yet real-time response is exactly what intrusion detection emphasises, so improving detection efficiency is a problem that data-mining-based intrusion detection systems must solve. To improve the efficiency of the clustering algorithm, and exploiting the fact that network packets are highly regular with respect to protocol rules, this thesis proposes a new intrusion detection system design that integrates protocol analysis into clustering-based data mining. Data cleaning and protocol analysis not only detect intrusion behaviour more quickly and effectively reduce the volume of data that must be clustered, but also make the mined data better satisfy the preconditions of clustering-based data mining. In addition, improvements to the clustering technique itself bring a certain degree of improvement in the detection rate and false alarm rate of clustering-based data mining. The research in this thesis is not only a network security solution for reference, but also a new exploration of the development of intrusion detection technology. It is believed that as the research deepens, this hybrid detection technique will become more complete and its application prospects broader.

【Abstract】 With the growing severity of the network security problem, how to use a data mining-based intrusion detection system to find intrusion activities efficiently and quickly has become important to the security of systems and network resources. Unsupervised anomaly detection methods can detect anomalous records in an unlabeled dataset. They overcome the shortcomings of traditional data mining methods and automate the labeling and creation process of the intrusion detection model, and have become a useful tool for intrusion detection. Clustering is the representative unsupervised anomaly detection method. But the data mining-based technique has a shortcoming in real-time detection, which is an important part of intrusion detection, because it cannot judge immediately whether an action is normal or not. So how to improve the detection efficiency of the data mining-based intrusion detection system is the most important issue. Because of the high regularity of the network protocol of each data packet, a new intrusion detection system is proposed in order to improve efficiency. The protocol analysis technique is attached to the clustering data mining system. On the one hand, it can filter out illegal data efficiently and reduce the amount of data that is to be clustered; on the other hand, it can make the data set meet the assumptions of the clustering data mining technique. In the new intrusion detection system, the clustering technique is also improved, which makes the work more efficient. The research on the new intrusion detection system is not only to propose a network security solution, but also to explore the development of intrusion detection technique. With the continue

  • 【Online publication contributor】 暨南大学 (Jinan University)
  • 【Online publication year/issue】 2007, No. 05
  • 【Classification number】 TP393.08
  • 【Citation count】 4
  • 【Download count】 172