
Research on Semi-Supervised Clustering Intrusion Prevention Technology Based on the Cloud Model

Published: 2018-09-05 11:23
[Abstract]: With the continuous development and wide application of computer and network technology, the security of computer networks has become a focus of attention. Because of the complexity of the network environment and the diversity of attack methods, traditional network security technologies such as firewalls and intrusion detection can no longer meet network security needs. The intrusion prevention system (IPS) effectively compensates for the shortcomings of intrusion detection systems (IDS) and firewalls, and has become an emerging security technology in the field of network security. Starting from the current state of research on intrusion detection systems, this thesis analyzes the shortcomings of firewalls and intrusion detection systems, proposes a dynamically weighted semi-supervised clustering intrusion detection algorithm based on the cloud model, and finally builds a semi-supervised clustering intrusion prevention system based on the cloud model.

Intrusion detection clustering algorithms based on unsupervised learning have low detection rates, while intrusion detection algorithms based on supervised learning lack sufficient training samples and have difficulty correctly detecting new, unknown intrusion attacks. To address these problems, this thesis proposes a semi-supervised clustering algorithm. In its initial stage the algorithm uses a small amount of labeled data to generate the initial cluster centers, which makes the initial cluster centers controllable, and it generates cluster centers step by step, which strengthens the robustness of the system and improves the convergence speed and accuracy of the clustering algorithm.

Based on cloud model theory, a dynamically weighted semi-supervised clustering intrusion detection algorithm based on the cloud model is proposed. Building on the semi-supervised clustering above, the algorithm uses the small amount of known label information to filter the data and preliminarily establish a normal cloud model and an abnormal cloud model, and constructs a cloud model classifier from an improved one-dimensional reverse cloud generator and an X-condition cloud generator. The concept of cloud relative closeness is introduced to define the attribute weights of high-dimensional samples during classification, which solves the problem that cloud model classifiers have difficulty handling high-dimensional data. During classification the established cloud models are continuously updated and the attributes are dynamically weighted, which not only accurately reflects the actual data but also guides the classification of the data, avoids excessive dependence on prior knowledge of the data, and to some extent enriches the work on cloud classifiers. Simulation experiments on the KDD CUP99 data set show that the algorithm not only improves the detection capability of the system but also has good stability.

Finally, based on cloud model theory, a model of a semi-supervised clustering intrusion prevention system based on the cloud model is established. The system model consists mainly of five modules: a packet capture module, an intrusion detection module, a response module, a log management module, and a management and control module. The design focuses on the detection algorithm in the intrusion detection module, with the cloud-model-based dynamically weighted semi-supervised clustering algorithm as the core algorithm of the detector, and the functions of the other modules and the architecture of the whole intrusion prevention system are given.
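[Degree-granting institution]: Jiangsu University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08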



