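Research on Intrusion Detection Based on Data Mining
Published: 2018-03-09 01:00
Topic: intrusion detection; Focus: decision tree; Source: Dalian University of Technology, 2012 master's thesis; Document type: degree thesis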
[Abstract]: With the rapid development of computer network technology, people's work, study, and daily life have become increasingly dependent on computer networks. At the same time, hacker attacks are growing ever more rampant and network security problems ever more severe, so network security technologies of all kinds are urgently needed to address intrusion attacks. Intrusion detection is a new generation of security technology that follows traditional protection methods such as "information encryption" and "firewalls". As an active-defense security technology, intrusion detection has become a research hotspot in the field of network security and has broad prospects. To address the low accuracy, poor adaptability, and low detection efficiency of current intrusion detection systems (IDS), this thesis studies intrusion detection based on data mining techniques, applying several data mining methods, including classification, clustering, and component analysis, in combination to the intrusion detection process in order to improve IDS performance. The thesis first analyzes the feasibility of applying the decision tree method to intrusion detection systems, then applies the C4.5 decision tree algorithm as the classifier in the intrusion detection process and designs a decision-tree-based intrusion detection system model, describing the function and design of each module in detail. To improve system performance, two preprocessing stages, "sample selection" and "feature extraction", are designed into the model. These two preprocessing stages are then studied in depth. The shortcomings of several commonly used sample selection methods are analyzed, and a clustering-based sample selection method is proposed. The method first performs cluster analysis on the training data of each class separately in order to subdivide the data, and on that basis selects the boundary samples and typical samples of each cluster using different strategies. Sample selection improves the classifier's detection efficiency and generalization ability. Next, the basic principles of kernel principal component analysis (KPCA) are introduced, and KPCA is applied to the intrusion detection system to extract features from the samples; its feature extraction performance is compared with that of principal component analysis (PCA). To address the shortcomings of KPCA, a method that improves KPCA with a genetic algorithm is proposed. Using the genetic algorithm to optimize the selection of the extracted features further improves the performance of the intrusion detection system. Finally, simulation experiments on the KDDCUP99 dataset demonstrate the advancement of each part of this research.
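[Degree-granting institution]: Dalian University of Technology
[Degree level]: Master's
[Year degree granted]: 2012
[Classification number]: TP393.08;TP311.13
[Citing literature]
Related journal papers: top 1
1 卢扬;; Research on the Application of Combined Clustering Algorithms in Anomaly Detection [J]; Computer Knowledge and Technology (电脑知识与技术); 2012, Issue 33
Article ID: 1586285
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1586285.html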