Application of Classification Rule Mining Based on Genetic Networks in Intrusion Detection Systems

Network Intrusion Detection Using Class Association Rule Mining Based on Genetic Network Programming

【Author】 陈辞

【Advisor】 薛质

【Author information】 Shanghai Jiao Tong University, Communication and Information Systems, 2010, Master's thesis

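【Abstract】 With the rapid development of the Internet, computer network security has become a topic of global concern. Computer networks are critical information infrastructure worldwide, and the losses caused each year by breaches of network security are enormous. Network security issues have drawn widespread attention around the world. The Network Intrusion Detection System (NIDS), as a proactive information security measure, effectively compensates for the shortcomings of traditional protection technologies such as access control and firewalls, can effectively detect intrusion attempts and intrusion behavior, and is receiving growing attention from industry and academia. In NIDS research, the key points and difficulties are: (1) how to process large-scale network data; (2) how to reduce the false positive and false negative rates for known attacks; (3) how to raise the detection rate for unknown new attacks. There are many different research approaches to NIDS, including intelligent IDS, for example neural networks, genetic algorithms, agent technology, immune systems, and data mining. This research proposes a class association rule mining method based on Genetic Network Programming (GNP) and explores its application in network intrusion detection systems. The research content is mainly based on the difficulties of NIDS itself, and the specific work is: (1) using effective methods to process large-scale network data, including sub-attribute utilization and fuzzification of continuous data; (2) proposing class association rule mining algorithms and corresponding classification algorithms for known attacks and unknown attacks respectively; (3) proposing feasible algorithms aimed at effectively reducing the two important metrics of false positive rate and false negative rate. Building on these algorithms, the thesis further explores how to improve the efficiency of NIDS, mainly through feature selection using a sub-attribute frequency mechanism and the comparison and optimization of fuzzy class association rule mining algorithms, so that the effectiveness of the NIDS is improved.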

【Abstract】 Computer systems are exposed to an increasing number and variety of security threats due to the expansion of the Internet in recent years. How to detect network intrusions effectively has become an important problem. The purpose of our research is to propose a new data mining approach based on Genetic Network Programming (GNP) for the network intrusion detection problem with a high detection rate. This thesis presents a novel fuzzy class association rule mining method based on Genetic Network Programming (GNP), which can be flexibly applied to both misuse and anomaly detection in the network intrusion detection problem. By combining fuzzy set theory with GNP, the proposed method can deal with mixed databases that contain both discrete and continuous attributes. In addition, a sub-attribute utilization mechanism is proposed to avoid information loss. Meanwhile, a new GNP structure for association rule mining is built to conduct the rule extraction step. Moreover, a new fitness function, which provides the flexibility of either mining more new rules or mining rules with higher accuracy, is given to adapt to different kinds of detection. After the class association rules are extracted, they are used for classification. Two different kinds of classifiers are built for classifying new connection data in this research. Experimental results with the KDD99Cup and DARPA98 databases from MIT Lincoln Laboratory show that the proposed method provides a competitively high detection rate compared with other machine learning techniques. In addition, this thesis further explores the possibility of improving the efficiency of network intrusion detection systems. By applying feature selection and optimizing the fuzzy class association rule mining algorithm based on GNP, the systems' efficiency is gradually improved.
