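Design and Implementation of a Network Anomaly Detection System Based on Weighted Naive Bayes
Published: 2018-03-17 18:14
Topic: network anomaly detection. Entry point: naive Bayes. Source: Shandong Normal University, 2016 master's thesis. Document type: degree thesis.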
[Abstract]: Since computer network technology emerged in the 1970s, it has reached into every aspect of life, and computer networks have become an indispensable part of it. While people enjoy the convenience networks bring, the constant stream of network viruses, Trojans, hackers, and cybercrime poses a serious threat to network security. As the online world and the real world continue to merge, activities such as electronic transactions and online payment have raised the importance of network security to some extent, and more and more of the networks that carry such services have become the focus of attacks. According to the 2016 CNCERT Internet Security Threat Report, the number of network security incidents grows every year and attack methods are becoming more diverse, causing heavy losses to Internet users. To reduce the losses caused by network attacks, it is necessary to develop systems and products that maintain network security and combat cybercrime. Given the continuing occurrence of cybercrime, the first priority is prevention, and network anomaly detection is a common method of preventing network attacks: it detects attack behavior before the attack causes serious harm, so that preventive measures can be taken. Combining an improved naive Bayes theory with WinPcap, a C/S architecture, the SQL Server 2008 database, and the Visual Studio 2010 development platform, this thesis develops a network anomaly detection system based on weighted naive Bayes in C#. The main work of the thesis is as follows:
(1) On the basis of a review of a large body of domestic and international literature, it analyzes the background and current state of network anomaly detection systems, studies the relevant technologies and theoretical basis of network anomaly detection in depth, and defines the design goals of the system. A requirements analysis, covering functional and non-functional requirements, is carried out against those design goals.
(2) It proposes an improved weighted naive Bayes algorithm for network anomaly detection and applies it in the network anomaly detection system. The thesis first gives the high-level design of the system, including its technical architecture and functional architecture, then defines the functional modules of the system (a data acquisition module, a data storage module, and a data analysis module) and specifies the technical requirements of each module and the workflow between modules.
(3) The system adopts a C/S architecture, and the weighted naive Bayes network anomaly detection system is implemented in code. In a laboratory LAN environment, the system is tested by simulating common network attacks against a target host. The test results show that the system detects common network attacks fairly accurately, with high detection accuracy and detection speed.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification number]: TP393.08
Article ID: 1625894
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1625894.html