Research on an Intelligent Intrusion Detection System Based on Data Mining
An Intelligent Model of Intrusion Detection System Based on Data Mining Approach
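【Author】 步新玉;
【Supervisor】 刘东苏;
【Author information】 Xidian University, Information Science, 2009, Master's
【Summary】 With the growing popularity and development of networks, the network has penetrated every corner of social life; while bringing convenience, it has also brought a series of security problems. Intrusion detection systems are an important part of the network security architecture. Computer security problems are increasingly prominent, placing higher demands on intrusion detection systems. However, traditional intrusion detection systems fall short in effectiveness, adaptability, extensibility and self-learning. Data mining can extract useful information from large volumes of noisy, random data, and agent technology can give an intrusion detection system a clear system structure and good extensibility and portability. This thesis studies the application of data mining techniques and intelligent detection agents in intrusion detection systems and proposes an intrusion detection system framework based on data mining and Agent technology. The prototype designs an architecture based on communication and cooperative detection among multiple agents; through the cooperative detection of the agents, a hierarchical protection architecture is constructed. The intelligence and mobility of mobile Agents are used to migrate between network nodes and detect intrusions. This thesis proposes an intrusion detection algorithm based on cluster analysis and SVM, which effectively reduces the training time on large-scale data and improves the SVM's classification efficiency while maintaining classification accuracy.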
【Abstract】 With the popularity and development of the Internet, the Internet has penetrated into every corner of our society. The network has brought convenience to people, but it has also created a series of security problems. The intrusion detection system is an important part of network security. Computer crime is increasingly pressing and dangerous, which places urgent demands on the performance of IDS. However, current intrusion detection systems lack effectiveness, adaptability, extensibility and the ability to learn by themselves. Data mining can extract useful information from vast, noisy and random data, and Agent technology gives the intrusion detection system a clear system structure, good extensibility and portability. This paper studies the application of data mining and agent techniques in intrusion detection systems and puts forward a framework based on data mining and agent techniques. The prototype designs an architecture based on inter-communication and coordinated detection among multiple agents. Through the collaboration of these agents, we construct a hierarchical defense system. The intelligence and mobility of mobile Agents are used to migrate among network nodes and detect intrusions. This paper proposes a new SVM algorithm based on clustering to reduce the training time on large-scale data and to improve the detection speed of SVM while guaranteeing the accuracy of classification.
【Key words】 Intrusion Detection; Data Mining; Agent; Clustering Method; SVM;