
Research on Intrusion Detection Technology Based on Outlier Mining on the Hadoop Cloud Platform

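Published: 2018-05-07 21:21

  Topic: intrusion detection technology + outlier mining; Source: University of Electronic Science and Technology of China, 2015 master's thesis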


[Abstract]: With the rapid development of information technology, and of Internet technology in particular, society has entered the Internet era, and people enjoy the convenience the Internet brings throughout daily life. The Internet is a double-edged sword, however: alongside that convenience it introduces sources of instability, and the losses caused by network security problems continue to trouble people. Intrusion detection is a technology for detecting various kinds of network attacks; it detects intrusions by analyzing network packets and is an effective way to address network security problems. With the rapid growth of networks, however, the data an intrusion detection system must process has become more complex and network traffic is enormous, so traditional intrusion detection systems can no longer meet current detection needs. How to adapt intrusion detection systems to the current network environment is therefore a problem in urgent need of a solution. To address the two characteristics of the data an intrusion detection system must process, high dimensionality and massive volume, this thesis proposes an outlier mining algorithm based on attribute correlation and outlier probability to detect intrusions, combining data mining with intrusion detection to improve the performance of the intrusion detection system. Data mining is a technique for extracting useful information from massive data sets, and outlier mining is the data mining technique for finding anomalous data in a data set, which matches the aim of intrusion detection: detecting the abnormal behavior among all behavior. The proposed algorithm first applies attribute correlation analysis and attribute reduction to obtain an attribute subset of the high-dimensional attribute set that retains the important information of the original data set, and then computes the outlier probability of the data on that subset to detect intrusions. Although combining data mining with intrusion detection adapts the intrusion detection system well to the current network environment, the performance of a traditional centralized intrusion detection system is limited. This thesis therefore considers applying the algorithm on a cloud platform, that is, parallelizing the algorithm to improve the performance of the intrusion detection system. Hadoop is a widely used open-source cloud platform with high reliability, good scalability and high fault tolerance, so the thesis further combines the algorithm with Hadoop's MapReduce principle to improve the performance of the intrusion detection system. Finally, the proposed algorithm and its parallelized version are evaluated experimentally on the KDD CUP99 data set; the results show that the algorithm effectively detects intrusions and that the performance of the intrusion detection system is considerably improved.

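[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP311.13; TP393.08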


Article ID: 1858510


Article link: https://www.wllwen.com/guanlilunwen/ydhl/1858510.html

