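Research on Network Intrusion Detection Based on Rough Sets and Outlier Mining
Published: 2018-04-05 05:44
Topic: rough sets; Focus: data completion; Source: Qingdao University of Science and Technology, 2014 master's thesis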
[Abstract]: With the rapid spread and wide application of the Internet, network security problems have become increasingly serious. In recent years, intrusion detection, as one of the main technologies for maintaining network security, has received wide attention. However, existing intrusion detection systems still have many problems: for example, detection accuracy is low while the false alarm rate remains high. In addition, these systems cannot detect new attacks in real time. One of the main causes of these problems is that existing intrusion detection methods do not take into account the uncertainty and incompleteness inherent in intrusion detection systems. The network environment that an intrusion detection system faces is relatively open and complex, so the system is characterized by uncertainty and incompleteness. Existing intrusion detection methods, however, usually assume that the raw data they process are certain and complete, and they lack effective mechanisms for handling uncertain and incomplete data.

To handle the uncertainty and incompleteness of intrusion detection systems effectively, this thesis uses rough set theory to represent and process the uncertain and incomplete data in intrusion detection systems, and combines rough sets with outlier mining to detect intrusions. For the uncertain and incomplete data in intrusion detection systems, we propose two data preprocessing algorithms based on rough set theory: a data completion algorithm based on relative decision entropy and weighted similarity, and an attribute reduction algorithm based on approximate decision entropy. Building on these two preprocessing algorithms, we further propose an intrusion detection method based on outlier mining, and thereby construct a new intrusion detection model. The model can effectively handle uncertain and incomplete data in intrusion detection systems, and can thus, to some extent, address the problems of existing intrusion detection systems.

The work of this thesis mainly covers the following aspects:

(1) A rough set data completion algorithm based on relative decision entropy and weighted similarity is proposed. To address the problems of existing rough set data completion methods, this thesis introduces a new concept of weighted similarity and uses relative decision entropy to compute attribute significance, yielding a rough set data completion algorithm based on relative decision entropy and weighted similarity. We verified the effectiveness of the algorithm on real data sets.

(2) An attribute reduction algorithm based on approximate decision entropy is proposed. To address the problems of existing attribute reduction algorithms based on information entropy, this thesis proposes approximate decision entropy as a new information entropy model and designs a new attribute reduction algorithm based on it. We ran experiments on several UCI data sets; compared with traditional algorithms, our algorithm obtains smaller reducts and higher classification accuracy, with lower computational overhead.

(3) An intrusion detection method based on outlier mining is proposed. We improve the traditional distance-based outlier detection algorithm and apply it to intrusion detection. Because the traditional distance-based outlier detection algorithm cannot handle discrete attributes effectively, this thesis proposes a distance metric for discrete attributes based on rough set theory and designs a corresponding outlier detection algorithm. By treating intrusions as outliers, we apply the proposed outlier detection algorithm to intrusion detection and obtain a new unsupervised intrusion detection method. We use the KDD Cup99 data set, which is widely used in the intrusion detection field, to verify the effectiveness of the method; compared with traditional methods, the proposed method achieves better intrusion detection performance.
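[Degree-granting institution]: Qingdao University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08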
Article ID: 1713477
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1713477.html