Research on the Application of Cluster Analysis in Intrusion Detection

Published: 2018-03-06 07:49

  Topic: intrusion detection; Entry point: data mining; Source: Chongqing University, 2014 master's thesis; Type: degree thesis


[Abstract]: As computer applications spread into every field worldwide, network communication is rapidly changing how people study, work and live. Faced with fast-developing network technology, we must recognize that, on the one hand, network technology has broad prospects for development; on the other hand, network attacks and sabotage of all kinds are growing more serious and already pose a severe threat to the normal operation of network communication. Network security has become one of the important issues worldwide, and detecting network data efficiently to identify illegitimate behavior is especially important for maintaining the security of systems and network resources. Traditional static security defenses (for example, firewall technology and data encryption technology) can solve part of the system security problem, but they lack initiative in detecting complex, changeable and constantly evolving network attack methods. Intrusion detection technology, which abandons passive triggering and is able to detect actively, emerged as a result. As a new type of security assurance technology, intrusion detection takes active defensive measures before an intrusion endangers the security of the information resources of the system or network. The intrusion detection system has therefore become one of the important research areas in network information security.

However, the massive volume and unknown nature of system and network data is a major challenge to the further development of intrusion detection. Data mining technology, which can extract useful information from massive data, effectively addresses this difficulty. In particular, introducing the cluster analysis methods of data mining strengthens the ability of an intrusion detection system to build a detection model on an unlabeled data set and thereby find anomalous data, which is of great research significance for improving the performance of detection systems. This thesis takes the application of data mining technology in intrusion detection systems as its theoretical basis and the application of cluster analysis in intrusion detection as its core, and proposes an improved algorithm for K-means clustering. The specific work is as follows:

First, the concept of the degree of data independence is introduced into the theory of constructing experimental data subsets, and the degree of independence is used to evaluate the importance of attributes and reduce the dimensionality of the data. Then, starting from the traditional K-means clustering algorithm, an initial clustering method based on point density is proposed: the data set is merged into a number of initial classes, and splitting is carried out by combining the minimum spanning tree clustering algorithm with the traditional K-means clustering algorithm, thereby overcoming the traditional K-means algorithm's difficulty in selecting initial cluster centers and the problem of determining the value of K. Finally, simulation experiments on the application of the improved algorithm to intrusion detection are carried out using the KDD Cup99 data set. The results show that the improved algorithm outperforms the traditional K-means algorithm in both detection rate and false alarm rate, and effectively improves the detection performance of intrusion detection.
[Degree-granting institution]: Chongqing University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08;TP311.13

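[Citing literature]

Related master's theses (first 2)

1 Wang Weian (王卫安); Research on Intrusion Detection Based on BP Neural Networks and Cluster Analysis [D]; Hebei Normal University; 2015

2 Tong Hongyan (童红艳); Research on Cluster Analysis of Network Intrusion Data [D]; Shenzhen University; 2015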



Article ID: 1573976
