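Research on Network Intrusion Detection Technology Based on Probabilistic Models
Published: 2018-02-25 23:34
Keywords: intrusion detection; support vector data description; Bayesian parameter estimation; one-class model; probabilistic model. Source: Northwest A&F University, 2014 master's thesis. Paper type: degree thesis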
[Abstract]: Intrusion detection, a new generation of network information security technology, has been widely deployed after years of development. How to make detection algorithms more effective and further reduce the false alarm rate and the missed-detection rate still needs deeper study. Applying pattern recognition methods is currently an important direction in intrusion detection research, and given the randomness and imbalance of intrusion detection data, one-class probabilistic models fit the problem better.

Considering the imbalance and randomness of intrusion detection data, this thesis applies the support vector data description (SVDD) model and its improved variant, the Bayesian data description model, to the intrusion detection problem. It also uses principal component analysis (PCA) techniques to equalize the variance of the data so that it better matches the models' assumptions, thereby improving the models. The main contents are as follows:

(1) Considering the imbalance of intrusion detection data, the one-class SVDD model is applied to intrusion detection. Considering the randomness of the data and the correlation between earlier and later records, the thesis studies the Bayesian data description model, which improves on SVDD by using Bayesian parameter estimation. Experimental results show that the detection accuracy of both models reaches 80%, which demonstrates that applying them to intrusion detection is feasible. Moreover, across different data sets the Bayesian data description model is more stable than the SVDD model, which demonstrates the advantage of probabilistic models for intrusion detection.

(2) Because both one-class models assume that the data follow a hyperspherical distribution, the thesis uses PCA to equalize the variance of the intrusion detection training data in every direction, so that the data take on a hyperspherical distribution, match the model assumption more closely, and the model is thereby optimized. In addition, when determining the final classification threshold, for the case where negative samples are available, a support vector machine (SVM) is used to train it, which removes the subjectivity of the original trial-based method. Together these two changes give the improved probabilistic model of the thesis.

(3) To test how well the improved model works for intrusion detection, experiments were designed on a standard intrusion detection data set. The results show that after the PCA-based equal-variance processing the average detection rate reaches 87.46%, an improvement of nearly 10%. Compared with other traditional models, the improved probabilistic model already outperforms some binary classification models. These results show that the improved model works well for intrusion detection and raises the detection rate considerably.
[Degree-granting institution]: Northwest A&F University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
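
Point (2) of the abstract rests on the hypersphere assumption. The following is an added example, not code from the thesis, that illustrates it on constructed 2-D data: a centroid-and-radius sphere stands in as a simplified substitute for SVDD, fitted once on raw features and once after PCA equal-variance scaling. The function names, the 95% radius quantile and all sample values are assumptions of this example.

```python
import math
import random

def fit_pca_whitener(points):
    """Fit PCA on 2-D points; return a function that projects a point onto the
    principal axes and scales each axis to unit variance."""
    n = len(points)
    mx = sum(p[0] for p in points) / n
    my = sum(p[1] for p in points) / n
    a = sum((p[0] - mx) ** 2 for p in points) / n              # var(x)
    c = sum((p[1] - my) ** 2 for p in points) / n              # var(y)
    b = sum((p[0] - mx) * (p[1] - my) for p in points) / n     # cov(x, y)
    # Closed-form eigendecomposition of the covariance matrix [[a, b], [b, c]].
    theta = 0.5 * math.atan2(2 * b, a - c)
    cs, sn = math.cos(theta), math.sin(theta)
    lam1 = a * cs * cs + 2 * b * cs * sn + c * sn * sn         # variance along axis 1
    lam2 = a * sn * sn - 2 * b * cs * sn + c * cs * cs         # variance along axis 2

    def whiten(p):
        dx, dy = p[0] - mx, p[1] - my
        return ((cs * dx + sn * dy) / math.sqrt(lam1),
                (-sn * dx + cs * dy) / math.sqrt(lam2))
    return whiten

def fit_sphere(points, quantile=0.95):
    """Centroid-and-radius boundary enclosing `quantile` of the training points."""
    n = len(points)
    center = (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)
    dists = sorted(math.hypot(p[0] - center[0], p[1] - center[1]) for p in points)
    return center, dists[int(quantile * (n - 1))]

def is_anomaly(p, sphere):
    (cx, cy), radius = sphere
    return math.hypot(p[0] - cx, p[1] - cy) > radius

def make_normal_traffic(n=500, seed=7):
    """Constructed 'normal' samples: std 10 on one axis, 0.5 on the other, rotated 30 deg."""
    rng = random.Random(seed)
    draws = [(rng.gauss(0, 10), rng.gauss(0, 0.5)) for _ in range(n)]
    return [(50 + 0.866 * u - 0.5 * v, 20 + 0.5 * u + 0.866 * v) for u, v in draws]

train = make_normal_traffic()
suspect = (50 - 0.5 * 3.0, 20 + 0.866 * 3.0)   # constructed: 6 std devs off on the narrow axis
whiten = fit_pca_whitener(train)
raw_sphere = fit_sphere(train)
white_sphere = fit_sphere([whiten(p) for p in train])

def compare():
    """(flagged by raw sphere, flagged by whitened sphere) for the suspect sample."""
    return is_anomaly(suspect, raw_sphere), is_anomaly(whiten(suspect), white_sphere)
```

`compare()` returns `(False, True)`: on the raw features the sphere's radius is set by the high-variance direction, so a sample that is extreme only along the low-variance direction falls inside it, while after equal-variance scaling the same sample lies well outside.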
Article ID: 1535644
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1535644.html