The Research of Intrusion Detection Based on Naive Bayes and One-R

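【Author】 Wang Xiang (王翔)

【Advisor】 Hu Xuegang (胡学钢)

【Author information】 Hefei University of Technology, Computer Application Technology, 2008, Master's thesis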

【Abstract】 An open network environment lets people fully enjoy the convenience of the network; at the same time, attacks on and damage to networks are increasing day by day. The intrusion detection system (IDS), one of the necessary means of safeguarding network security, is receiving more and more attention. From a data mining (DM) perspective, intrusion detection is the process of classifying network audit data, and the classification algorithm at the core of an IDS has become a key problem in data mining research. Because intrusion techniques keep evolving and intrusion detection audit data is high-dimensional, massive, and full of redundant attributes, classic classification models cannot guarantee real-time performance, have long training periods, and achieve low detection accuracy. To strengthen the real-time performance of intrusion detection classification models and to improve their time performance and precision, this thesis studies the intrusion detection classification problem on the basis of the Naive Bayes classification model. The main work is as follows:

(1) The application of data mining techniques to intrusion detection is surveyed. Classic Bayesian classification algorithms and the attribute selection methods commonly used in intrusion detection are studied and compared experimentally.

(2) Given the conditional independence assumption that the Naive Bayes classifier requires, and in order to eliminate redundant and irrelevant attributes from intrusion detection audit data and improve classifier performance, the One-R idea is introduced into the study of the Naive Bayes intrusion detection classification model. A two-stage attribute selection method, based on One-R and supervised by the Naive Bayes classification model, is proposed (One-R-BF for short). Experiments show that One-R-BF outperforms the attribute selection methods commonly used in intrusion detection.

(3) Given the real-time requirement that intrusion detection places on classification algorithms, a Naive Bayes classification algorithm with fast One-R-based attribute selection (One-R-NBC for short) is proposed on the basis of One-R-BF and applied to intrusion detection. Experiments show that One-R-NBC is better than the C4.5 algorithm in both time and space performance and in classification accuracy. In particular, when the classifier needs to be updated, One-R-NBC has a clear real-time advantage over C4.5.

(4) To address the overfitting that a Naive Bayes classifier may exhibit, the One-R-NBC algorithm is improved with a distributed approach, giving a distributed Naive Bayes classifier (D-One-R-NBC). Experiments show that D-One-R-NBC is effective and avoids classifier overfitting to a certain extent.

  • 【Classification No.】TP181
  • 【Times cited】2
  • 【Downloads】103