基于聚类与支持向量机多分类的WSN入侵检测研究

发布时间：2018-04-09 16:35

本文选题：无线传感器网络　切入点：支持向量机　出处：《中国计量学院》2014年硕士论文

【摘要】：近些年来，网络入侵方法层出不穷，而对节点能量和处理能力有限的无线传感器网络而言，其入侵手段更是防不胜防。针对WSN中常出现的Hello洪泛攻击、黑洞攻击、选择性转发攻击、DoS攻击和Sybil攻击，本文提出了基于聚类与SVM多分类的纠错输出编码算法，该算法可以在较低时间复杂度的基础上有效地检测出以上攻击中的两种，为攻击的误用检测提供了有效的途径。本文所做的工作以及研究成果如下：（1）在构造改进型H-ECOC-SVM纠错输出编码矩阵时，同时引入了Hadamard编码和稀疏型随机编码两种思想，为了增强编码矩阵的可用性和入侵检测的准确性，在对编码矩阵进行构造时考虑到了各列间的相关性以及各行间的汉明距离等影响因素，使各列间互不相关、各行间的最小汉明距离尽可能最大，来满足SVM分类器的训练要求，为构建最优SVM二分类器奠定了良好的理论基础。（2）在分类器的构建方面，采用网格搜索和五折交叉验证法进行核参数和惩罚参数的求取，并根据H-ECOC-SVM矩阵的编码规则，把一个多类分类问题分解为多个两类问题来进行求解，，这种方法不仅减小了需要求取的分类器参数的个数，而且简化了单个分类器的训练模型，为多类攻击的检测带来了较大的便利。（3）在特征提取之前，首先使用聚类算法对测试数据集进行一个初始的攻击检测，在不存在攻击的情况下，该方法节省了一定的时间和能量消耗。PCA分析法在对训练和测试数据进行主成分分析时，对特征向量的数据维数进行了分析提取，该过程减少了分类器的运算时间和工作量，满足了入侵检测对时间复杂度的要求。（4）对Hello洪泛攻击、黑洞攻击、选择性转发攻击、DoS攻击和Sybil攻击进行检测时，实现了三种攻击的检测率在90%以上，两种攻击的漏报率在5%以下，检测时间代价平均维持在0.1s以下的检测水平，在有效地进行WSN入侵检测中具有一定的实际参考价值。
[Abstract]:In recent years, network intrusion methods emerge in endlessly, but for wireless sensor networks with limited node energy and processing capacity, the intrusion means are even more difficult to prevent.Aiming at Hello flooding attack, black hole attack, selective forward attack dos attack and Sybil attack in WSN, this paper proposes an error correction output coding algorithm based on clustering and SVM multi-classification.This algorithm can effectively detect two of the above attacks on the basis of low time complexity, which provides an effective way for the misuse detection of attacks.The work and results of this paper are as follows:In order to enhance the usability of coding matrix and the accuracy of intrusion detection, two ideas of Hadamard coding and sparse random coding are introduced in the construction of improved H-ECOC-SVM error correction output coding matrix.In order to meet the training requirements of SVM classifier, the correlation of each column and the hamming distance between rows are taken into account in the construction of the coding matrix.It lays a good theoretical foundation for constructing the optimal SVM binary classifier.In the construction of classifier, the kernel parameters and penalty parameters are obtained by grid search and 50% cross-validation. According to the coding rules of H-ECOC-SVM matrix, a multi-class classification problem is decomposed into two kinds of problems to solve.This method not only reduces the number of classifier parameters to be obtained, but also simplifies the training model of a single classifier, which makes the detection of multi-class attacks more convenient.(3) before feature extraction, the clustering algorithm is used to detect the initial attack on the test data set.This method saves a certain amount of time and energy consumption. PCA method can analyze and extract the dimension of the feature vector when the training and test data are analyzed by principal component analysis (PCA). The process reduces the operation time and workload of the classifier.The time complexity of intrusion detection is satisfied.In the detection of Hello flooding attack, black hole attack, selective forward attack dos attack and Sybil attack, the detection rate of three attacks is over 90%, and the missing rate of two attacks is less than 5%.The detection time cost is kept below 0.1 s on average, so it has some practical reference value in effective WSN intrusion detection.
【学位授予单位】：中国计量学院
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP18;TP393.08

【参考文献】