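Research and Simulation of an Intrusion Detection System Based on Support Vector Machines
Published: 2018-06-18 05:07
Topic of this paper: network security + intrusion detection; Reference: Beijing University of Posts and Telecommunications, 2014 master's thesis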
[Abstract]: In recent years, with the rapid development of computer technology and the Internet, the volume of network information has grown explosively. However, while fast-developing information technology brings convenience, it has also left behind network security problems. As network capacity and the total number of Internet users grow, network intrusion incidents of all kinds keep emerging and are intensifying. In response, a variety of security technologies have been proposed. Among them, intrusion detection, a security technology that can turn passive defense into active interception, is becoming a hot research direction.

However, traditional intrusion detection is mainly an expert knowledge system based on rule matching. Its matching patterns must be updated by hand, which is costly and inefficient, and it is rather weak against new intrusion methods. To overcome this weakness, a large number of intrusion detection techniques based on machine learning have appeared. Machine learning methods can train and build models directly on the massive audit data that has been collected and generate detection models automatically, greatly improving the efficiency of intrusion detection systems.

Among the many machine learning methods, the support vector machine (SVM) stands out for its good classification efficiency on small-sample, high-dimensional data and has become a research focus in recent years. This thesis mainly studies intrusion detection based on support vector machines. The main work is as follows. Building on a detailed discussion of statistical learning theory, the theoretical foundation of support vector machines, the thesis first proposes an intrusion detection system based on the twin support vector machine, analyzes each module of the system in detail, and implements each module in simulation. In particular, to solve the parameter selection problem of the twin support vector machine, a parameter selection algorithm for the twin support vector machine is proposed. In addition, so that raw audit data without class labels can be processed directly, an intrusion detection system based on the one-class support vector machine is also proposed. To evaluate the detection performance of the proposed intrusion detection systems, experiments are carried out on the KDD'99 dataset, which is widely used in the intrusion detection field, and the results are compared with the latest research results. The final experimental results show that the proposed intrusion detection system based on the twin support vector machine improves the detection rate in all four major attack categories, with the improvement more pronounced for attacks with few samples, and achieves the highest overall detection rate. The system based on the one-class support vector machine can also effectively handle datasets without class labels.
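[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP18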