大庆油田采油七厂网络入侵检测系统的设计与实现

发布时间：2018-04-18 07:30

本文选题：入侵检测 + 数据挖掘　；参考：《电子科技大学》2014年硕士论文

【摘要】：Internet在全球广泛使用,除了娱乐生活外,工作中也在广泛只用,例如油田工控设备远程控制,网络办公等。网络虽然给人们提供了极大的方便,也带来一系列问题,例如安全问题。人们遭受受到来自网络的攻击也越来越多,网络安全问题是人们急待解决的问题。目前已经存在一些成熟的技术确保网络安全,例如入侵检测,其能够主动的对内部网络的安全提供防护措施,不仅能够检测外部攻击行为,而且能够针对内部的误操作进行识别。针对入侵检测系统的研究较多,但是同时也存在一系列问题,例如检测率低、存在误报和漏报情况,人工参与程度高,因此,目前的入侵检测系统的适应性差,无法满足现有的复杂网络环境下的入侵检测需求。大量人工的参与给系统的运行带来了严重负担,特别是需要人工手动配置规则库中的规则。因此,随着研究的深入,在自动规则提取过程中科适当引入一些新的自动化技术,大大减少了人工参与的工作量。结合数据挖掘技术已经成为入侵检测领域中的重要方法。目前,基于数据挖掘的入侵检测是入侵检测研究的核心和趋势,而其系统复杂程度要超过现有的入侵检测系统,对数据挖掘算法的研究是构建系统的基础。本文首先分析了课题中涉及的相关技术,对公司的网络存在的安全威胁进行分析,提出了面向公司网络的入侵检测系统框架。在提出的框架结构基础上,对数据采集模块和数据挖掘模块进行重点设计。为了满足公司大规模网络流量的检测需求,采用分布式网络部署该系统。捕包模块采用最新的零拷贝方法满足大流量下的捕包功能。数据挖掘模块主要采用了聚类和关联分析技术,本文中对Apriori算法、K-means算法进行了改进。该框架侧重于对数据挖掘模块的设计来实现入侵信息的感知,为系统的研究奠定基础。最后针对实现的入侵检测系统在实际网络环境中进行部署,并利用真实流量作为背景数据,利用经典数据集进行对比测试,利用大规模流量进行压力测试。测试结果表明,该系统能够满足设计的需求,为公司网络的安全提供了又一道安全屏障。
[Abstract]:Internet is widely used in the world, in addition to entertainment life, also widely used in work, such as oil field industrial control equipment remote control, network office, and so on.Although the network provides great convenience to people, it also brings a series of problems, such as security problems.People suffer more and more attacks from the network, network security is an urgent problem to be solved.At present, there are some mature technologies to ensure network security, such as intrusion detection, which can take the initiative to provide protection measures for the security of internal network, not only can detect the behavior of external attacks.And can be used to identify the internal misoperation.There are many researches on intrusion detection system, but at the same time there are a series of problems, such as low detection rate, false alarm and false alarm, high degree of human participation, so the current intrusion detection system has poor adaptability.Can not meet the existing complex network environment intrusion detection requirements.A large number of manual participation brings a serious burden to the operation of the system, especially the need to manually configure the rules in the rule base.Therefore, with the deepening of the research, some new automation techniques are introduced in the process of automatic rule extraction, which greatly reduces the workload of manual participation.Combining data mining technology has become an important method in the field of intrusion detection.At present, intrusion detection based on data mining is the core and trend of intrusion detection research, and its system complexity is more than the existing intrusion detection system. The research of data mining algorithm is the basis of constructing the system.Firstly, this paper analyzes the related technologies involved in the subject, analyzes the security threats to the company's network, and proposes an intrusion detection system framework for the company's network.On the basis of the proposed framework, the data acquisition module and the data mining module are designed.In order to meet the demand of large-scale network traffic detection, distributed network is used to deploy the system.Packet capture module adopts the latest zero copy method to meet the packet capture function under large traffic.Data mining module mainly adopts clustering and association analysis technology. In this paper, the Apriori algorithm is improved by K-means algorithm.The framework focuses on the design of data mining module to realize intrusion information awareness, which lays a foundation for the research of the system.Finally, the intrusion detection system is deployed in the real network environment, and the real traffic is used as the background data, the classical data set is used to carry on the contrast test, and the large-scale traffic is used to carry out the stress test.The test results show that the system can meet the requirements of the design and provide another security barrier for the company's network security.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】