A P2P-Based Data Fusion Method for NSSA
[Abstract]: With the rapid growth of network scale and technology, computer networks have become an indispensable part of people's lives. However, increasingly serious network security problems pose a great threat to individuals and even to countries. The development of intrusion detection systems (IDS) has had a great impact on the field of network security. Traditional IDSs, which work independently of one another, cannot cope with networks of increasing scale and complexity. Therefore, the distributed intrusion detection system (DIDS) has replaced the IDS as the main research object in the field of large-scale network security. The main goal of a DIDS is to detect intrusions across the whole network by jointly analyzing security information from different locations. However, a DIDS can meet application requirements only when the security information from those locations is transmitted efficiently to the analysis node. This paper therefore studies the DIDS from two aspects: its architecture and the correlation analysis method for alarm information. First, the DIDS architecture is designed using P2P, which effectively solves the single-point-of-failure problem caused by the centralized data analysis function of traditional DIDSs. By analyzing the application of P2P in the DIDS architecture, a hierarchical P2P network model is proposed. The hierarchical analysis method is used to select the local fusion center nodes so that information processing is localized.
For data transmission from the IDSs to the fusion center node and between the fusion center nodes of different regions, this paper proposes a data forwarding method based on node priority and link delay, which ensures efficient data transmission in terms of both node distance and transmission delay. Then, for alert correlation analysis, this paper uses an evidence weighting method to improve D-S evidence theory so that conflicting evidence can be fused and analyzed effectively. An improved particle swarm optimization (PSO) algorithm is proposed to assign weights to the different IDSs. Assigning reasonable weights to the different IDSs and allocating their credibility reasonably improves the accuracy of the data fusion results. Finally, data transmission efficiency is verified in terms of average transmission delay and network load, and detection performance is verified in terms of false alarm rate and detection rate, confirming the effectiveness of the proposed method.
[Degree-granting institution]: Harbin Engineering University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2287321
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2287321.html