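Research and Implementation of an Intrusion Detection System Based on Data Mining
Published: 2018-03-11 15:45
Topic: intrusion detection system; Angle: data mining; Source: Zhejiang University of Technology, 2014 master's thesis; Document type: degree thesis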
[Abstract]: With the rapid development of society, the Internet has become an indispensable part of daily life, and the network security problems that come with it are receiving growing attention. Intrusion detection technology, as an active defense system, is an important component of network security and an important research area for the Internet.

To address the inability of traditional intrusion detection systems to recognize unknown attacks, this thesis proposes building the intrusion detection model by combining the Support Vector Machine (SVM) with classifier ensemble techniques, applying data mining to the construction of an intrusion detection system. For feature extraction from network data, it proposes a payload-based feature extraction scheme and then uses the preceding scheme to build a classifier for classification, thereby raising the detection rate and lowering the false positive rate.

The main work of the thesis is as follows:

1) A feature extraction method for malicious packet payload sets is proposed. The thesis applies data mining techniques to intrusion detection. For data mining techniques, and especially the classification techniques used here, the choice of data features has a decisive influence on the final classification result. The thesis therefore extracts effective features from network data; the feature set was validated experimentally and shows good detection efficiency for malicious network packet payloads, malicious code and the like.

2) Classifier construction. The classifier is an important factor that directly determines the classification result, and it also directly affects the performance of the detection system. Combining classifier ensemble techniques and using the support vector machine as the main classification technique, the thesis proposes an effective method of constructing an ensemble classifier. Experiments show that, compared with the classic Bagging and Boosting algorithms, the method has good accuracy, false positive rate and generalization performance.

3) Design and implementation of the intrusion detection system. Integrating the feature extraction and classifier construction schemes above, the thesis designs and implements an intrusion detection system that captures network data, analyzes it, detects and classifies it, and raises alerts.
[Degree-granting institution]: Zhejiang University of Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08;TP311.13
Article ID: 1598834
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1598834.html