基于频繁模式的离群点挖掘在入侵检测中的应用

发布时间：2018-05-09 20:03

本文选题：频繁模式 + 离群点　；参考：《重庆大学》2013年硕士论文

【摘要】：随着当今信息科学技术的发展，对于信息安全的保障也有了更加迫切的需求。当前通常用于信息安全保障方法主要有，入侵检测，防火墙以及其他的信息安全技术。保障网络安全的其中一种有效方法就是入侵检测。入侵检测本质上是一种信息识别与检测技术，它是以预见入侵行为的出现和判定入侵行为的存在为目的的一种安全手段。从数据的角度来讲，入侵检测实际上是一种数据的分析过程，它和数据挖掘等数据相关的学科有着相互交叉的部分。数据挖掘技术在许多数据安全领域中得到了运用，如金融领域的欺诈分析，电信业的盗用模式分析和异常模式识别，以及网络管理中的入侵检测。所以，研究数据挖掘技术在入侵检测中的应用，是时下一个热点。入侵检测中基于网络的异常检测大多数是使用数据挖掘的算法来设计原型系统，常用的数据挖掘算法有分类算法，聚类算法，，离群点算法，以及其他算法，其中基于聚类的离群点算法较为普遍，这种方法将正常行为看作若干个正常的簇，异常行为看作离散的点，找出了这些离散的点也就找出了数据中的异常数据。许多学者针对网络入侵检测的环境对离群点算法进行有针对性的改进以适应入侵检测的需求。本文主要就基于频繁离群点的数据挖掘算法在入侵检测中的应用展开研究，具体工作如下所述： ①研究入侵检测算法的常规技术，对典型技术进行分类总结，并分析每种技术特有的优势和劣势，同时探讨该技术当下面临的问题与对策。 ②对基于频繁性的数据挖掘方法进行研究分析，针对网络数据的高维特性进行研究，探讨各种方法在应用中的实际应用效果。 ③针对上述的了解分析，提出一种新颖的基于频繁离群数据挖掘算法，依赖于检测数据项的频繁模式和关联规则，通过优化频繁因子的计算方法和每个属性的频繁性计算，剥离数据流中或安全日志数据中的噪音和异常点，计算安全数据的加权频繁离群因子，精确定位离群点，最后从中自动筛选出异常属性。 ④利用网络入侵检测数据集KDD-CUP-99对上述的方法进行实验比较，实验证明该算法的可行性和优势。
[Abstract]:With the development of information science and technology, there is a more urgent need for information security. At present, the main methods of information security are intrusion detection, firewall and other information security technologies. One of the effective methods to ensure network security is intrusion detection. Intrusion detection is essentially a kind of information recognition and detection technology. It is a security means to foresee the occurrence of intrusion behavior and determine the existence of intrusion behavior. From the point of view of data, intrusion detection is actually a kind of data analysis process, which has intersected parts with data mining and other data related disciplines. Data mining technology has been applied in many fields of data security, such as fraud analysis in financial field, embezzlement pattern analysis and anomaly pattern recognition in telecommunication industry, and intrusion detection in network management. Therefore, studying the application of data mining technology in intrusion detection is a hot spot. In intrusion detection, most of anomaly detection based on network is to design prototype system using data mining algorithm. The commonly used data mining algorithms include classification algorithm, clustering algorithm, outlier algorithm, and other algorithms. The outlier algorithm based on clustering is more common. This method regards normal behavior as several normal clusters, abnormal behavior as discrete points, and finds out these discrete points to find the abnormal data in the data. Many scholars have improved outlier algorithm to meet the need of intrusion detection. In this paper, the application of data mining algorithm based on frequent outlier in intrusion detection is studied. The specific work is as follows: The main contents of this paper are as follows: (1) the conventional techniques of intrusion detection algorithm are studied, the typical technologies are classified and summarized, and the advantages and disadvantages of each technology are analyzed, and the problems and countermeasures that the technology is faced with are discussed at the same time. Secondly, the methods of data mining based on frequency are studied, and the characteristics of high dimension of network data are studied, and the practical application effect of various methods in application is discussed. 3 in view of the above understanding analysis, a novel algorithm based on frequent outlier data mining is proposed, which depends on the frequent patterns and association rules of detecting data items, and optimizes the calculation method of frequent factors and the frequency calculation of each attribute. The noise and outliers in data stream or security log data are stripped, the weighted frequent outliers are calculated, the outliers are accurately located, and the abnormal attributes are automatically selected. (4) by using the network intrusion detection data set (KDD-CUP-99), the experimental results show that the proposed algorithm is feasible and superior.
【学位授予单位】：重庆大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP311.13;TP393.08

【相似文献】