

Research on Intrusion Detection Based on Feature Selection and Clustering

【Author】 张家柏

【Advisor】 王小玲

【Author information】 Central South University (中南大学), Computer Application Technology, 2010, Master's degree

【Abstract】 In modern society, with the development of computer and communication technology, computers are used ever more widely, but network security problems are also becoming increasingly prominent. Traditional security measures such as firewalls and data encryption can no longer fully meet the needs of network security. Intrusion detection is a new security technology; in contrast to traditional measures, it is based on active defense, can detect intrusions and anomalies before the network system is harmed, and takes appropriate response measures. The key to intrusion detection is collecting data effectively and analyzing the various behaviors. However, the steady growth of attacks and sabotage in network environments and the massive volume of network data make intrusion detection very difficult. The introduction of data mining provides a good means for intrusion detection. Earlier data-mining-based intrusion detection methods require the training data to be labeled and the data samples to be "clean". Clustering is an unsupervised learning method that can build a detection model or discover anomalous data on an unlabeled data set, and so overcomes the shortcomings of traditional data mining methods.

Against this background, this thesis studies intrusion detection based on clustering. It first introduces and analyzes intrusion detection technology and clustering, and discusses the application of clustering algorithms to intrusion detection. To address the problems of the traditional fuzzy C-means clustering algorithm when applied to intrusion detection, such as sensitivity to initial values and a tendency to fall into local optima, a particle swarm optimization algorithm with a crossover operation is introduced to optimize it, yielding an improved fuzzy C-means algorithm. Experiments on the improved algorithm using data from the KDD CUP 1999 data set show that it achieves fairly good intrusion detection performance.

Feature selection is widely used for dimensionality reduction and for removing irrelevant features. It generally serves as a preprocessing step for classification; by eliminating irrelevant and redundant features, it avoids the curse of dimensionality, increases computation speed and reduces computational cost. Intrusion detection data is high-dimensional and has complex features, so applying feature selection to intrusion detection is very necessary. This thesis proposes a feature selection method based on clustering and particle swarm optimization. Experiments on the KDD CUP 1999 data set show that the algorithm speeds up feature selection and that the selected feature subset gives fairly good classification results.

  • 【Online publication contributor】 Central South University (中南大学)
  • 【Online publication year and issue】 2011, Issue 03