基于BP神经网络的入侵检测系统研究

发布时间：2018-06-19 10:50

本文选题：入侵检测 + BP神经网络　；参考：《解放军信息工程大学》2014年硕士论文

【摘要】：由于网络本身开放性和自由性的特点,导致一些非法分子的攻击,恶意破坏或侵犯网络,安全问题日趋突出。攻击网络的手段和技术不断更新,使得传统的防火墙、数字认证等安全防护措施已经不能满足网络安全的需求,入侵检测技术应运而生。然而由于入侵检测算法的局限性,目前的入侵检测系统仍然存在实时性差、误报率高等不足。本文分析传统BP神经网络构建入侵检测模型在收敛速度和漏报率方面存在的缺陷,提出将改进的粒子群算法应用到入侵检测系统中；通过研究Probing和Dos的攻击原理,分析这Dos攻击方法的特征,提取特征数据,建立特征集合,设计一种基于改进PSO和BP神经网络的入侵检测模型,并在此模型的基础设计网络入侵检测系统,通过仿真试验证明系统在误报率、收敛速度及漏报率方面的改进效果。本文所作的主要研究工作包括以下内容：(1)分析标准粒子群算法与基本BP神经网络构建入侵检测模型存在的不足,通过引入惯性权重因子、动态收缩因子、变异操作和多目标寻优等策略改进粒子群算法,将和改进后的粒子群算法优化BP神经网络。(2)利用MATLAB工具进行BP神经网络的设计,从KDDCUP的数据集中提取训练数据和测试数据,对神经网络进行训练。(3)将训练好的BP神经网络用于入侵检测,构建基于优化BP神经网络的入侵检测系统,为了提高系统的防御能力,通过系统与防火墙、杀毒软件、反间谍软件等的联动,建立全方位的系统防护体系,使系统具有主动防御的能力。最后设计实验环境和平台,对基于改进PSO-BP神经网络的入侵检测系统进行性能分析,验证系统在检测Probing攻击和Dos攻击方面的检测能力,并将其与传统的BP神经网络进行对比。实验结果表明,基于改进PSO-BP神经网络的入侵检测系统能够有效在阻止来自网络上的恶意攻击,提高了检测的效率和处理性能,降低了漏报率和误报率；同时也证明了改进PSO-BP申经网络用于入侵检测的可行性。
[Abstract]:Because of the openness and freedom of the network, some illegal elements attack, maliciously destroy or violate the network, and the security problem becomes more and more serious. The means and technology of attacking network are constantly updated, which makes traditional security measures such as firewall, digital authentication and so on can not meet the needs of network security. Intrusion detection technology emerges as the times require. However, due to the limitations of intrusion detection algorithm, the current intrusion detection system still has poor real-time performance and high false alarm rate. This paper analyzes the shortcomings of the traditional BP neural network in constructing intrusion detection model in terms of convergence speed and false report rate, and proposes to apply the improved particle swarm optimization algorithm to the intrusion detection system, and studies the attack principle of probe and Dos. This paper analyzes the features of the Dos attack method, extracts the feature data, establishes the feature set, designs an intrusion detection model based on improved PSO and BP neural network, and designs a network intrusion detection system based on this model. Simulation results show that the system can improve the false alarm rate, convergence rate and false alarm rate. The main research work in this paper includes the following contents: 1) analyzing the shortcomings of standard particle swarm optimization algorithm and basic BP neural network in constructing intrusion detection model. By introducing inertia weight factor and dynamic shrinkage factor, Mutation operation and multi-objective optimization are used to improve particle swarm optimization. The improved particle swarm optimization algorithm is used to optimize BP neural network. MATLAB is used to design BP neural network. The training data and test data are extracted from the data set of KDDCUP. The BP neural network is used in intrusion detection, and an intrusion detection system based on optimized BP neural network is constructed. In order to improve the defense ability of the system, antivirus software is used through the system and firewall. The linkage of anti-spyware software, the establishment of an all-round system protection system, so that the system has the ability of active defense. Finally, the experimental environment and platform are designed to analyze the performance of intrusion detection system based on improved PSO-BP neural network, and verify the detection ability of the system in detecting probe attack and dos attack, and compare it with the traditional BP neural network. The experimental results show that the intrusion detection system based on improved PSO-BP neural network can effectively prevent malicious attacks from the network, improve the detection efficiency and processing performance, and reduce the false alarm rate and false alarm rate. At the same time, it also proves the feasibility of improving PSO-BP network for intrusion detection.
【学位授予单位】：解放军信息工程大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP183

【参考文献】