

Research on Intrusion Detection Method Based on Real-Coded Genetic Neural Network

【作者】 周梦熊

【导师】 孙名松;

【作者基本信息】 哈尔滨理工大学 , 计算机应用技术, 2007, 硕士

【摘要】 随着科技进步和计算机网络技术的发展,网络时代来临了,它的到来彻底改变了人们的生活方式,越来越多的人融入到了网络,享受着网络带给人们的种种便利。但同时随着互联网规模的迅速扩大,安全问题已经成为一个互联网发展中无法回避的核心问题。传统的网络安全模型己经不能适应网络技术的发展,PPDR模型应运而生。入侵检测作为PPDR模型的重要组成部分,是对防火墙、数据加密等安全保护措施的有效补充,能够识别针对计算机和网络资源的恶意企图和行为,并做出及时响应。入侵检测分析技术是入侵检测系统的核心,主要可分为异常入侵检测和误用入侵检测。针对入侵检测系统中存在的高漏报率、误报率问题,本文提出一种基于实数编码遗传神经网络的分类检测器同步检测模型,该模型基于异常入侵检测;同时提出数据预处理过程中样本精简的方法,该方法能够有效压缩样本数据;最后,我们利用实数编码遗传算法的强全局搜索能力和BP网络局部精确搜索的特性,将实数编码遗传算法和BP算法有机结合,利用遗传算法优化网络初始权重,使训练好的网络作为一个分类检测器能更有效地检测入侵。实数编码遗传算法与BP算法的有机结合可以克服BP算法收敛速度慢、易陷入局部极小点等缺陷,同时也省去了二进制编码遗传算法在进化过程中的个体编码、解码操作。研究表明,该方法效果良好,学习速度快,分类准确率高。

【Abstract】 With the advancement of science and technology and the development of computer network techniques, the Internet age is coming. It’s arrival has completely changed people’s way of life, and more and more people had been engaged in the network,enjoying the various conveniences that network brings. However, as the Internet is rapidly expanding, the security issue has become the core issue that can not be ignored in the internet development.Traditional network security model can not fit the development of network technology, PPDR model emerged as the age requires. Intrusion detection is an important composed part in PPDR model. It makes up for security protection measures about firewall and data encryption. It can identify malicious intention and act to the computer and network resources, and make an instant response. Intrusion detection analysis technology is the core of intrusion detection system which includes abnormity intrusion detection and abused intrusion detection.Considering the problem of high rate of false negatives and false positives of IDS, this thesis presents a kind of synchronous detection model of classification detector, which is based on the real-coded genetic neural network and is a kind of abnormity intrusion detection. Meanwhile, a method of sample streamlining in the data pretreatment process has also been presented, by which sample data can be effectively compressed. Finally, in order to take advantage of both the traits that the real-coded genetic algorithms are good at global searching, and the great performance of the back propagation (BP) in accurate local searching, we join the real-coded genetics algorithm and BP algorithm together to optimize the initial weights of BP with GA. And then the trained network can be used as a separate detector, which is more effective in intrusion detection. Their effective combination can overcome the shortcomings of slow constringency rate and immersion minim value of the traditional BP algorithm, and omit the individual’s coding and decoding operations of binary-coded genetic algorithms during evolvement process. The research shows that this technology is well, and it has the advantages of rapid learning rate and high classify accuracy.

  • 【分类号】TP393.08;TP183
  • 【被引频次】3
  • 【下载频次】264