Research on the Application of Data Mining Technology in Network Intrusion Detection
Published: 2018-11-14 20:14
[Abstract]: With the continuous development of computer network technology, many enterprises, institutions and government departments are moving their core business to the Internet, and network security has become an unavoidable problem. Network users generally rely on a firewall as the first line of defense. As attackers' knowledge matures and attack tools and techniques become more complex and varied, a firewall-only strategy can no longer meet the needs of highly security-sensitive departments; network defense must be layered in depth and use diverse measures. At the same time, the network environment is growing more complex: equipment replacement, software upgrades and system patching keep increasing the network administrator's workload, and an inadvertent oversight can create a serious security risk. Under these circumstances, intrusion detection systems have become a focus of the security market. Given the important role intrusion detection technology plays in network security, research on it is of great significance.
This thesis studies network intrusion detection technology. It analyzes the implementation approaches and security performance of intrusion detection systems and describes the respective advantages and disadvantages of misuse detection and anomaly detection. To address the problems of traditional intrusion detection systems, it proposes applying data mining, honeypot and other technologies to intrusion detection, and studies data mining algorithms and how to apply them in an intrusion detection system. It discusses the mechanism and implementation of the whole process, from network data collection, data preprocessing, construction of the training data set and data filtering through to the use of data mining to generate intrusion detection rules. On the basis of this research, a network-based intrusion detection system is designed; its structure and main functions are described, its application in a network control system is studied, and related experiments are carried out. The experimental results achieved the expected goals.
The thesis consists of six chapters. Chapter 1 briefly describes intrusion detection technology and the work done in this thesis. Chapter 2 introduces concepts and techniques of intrusion detection. Chapter 3 introduces the concept of data mining, several common mining algorithms, and the application of mining algorithms to intrusion detection. Chapter 4 describes the design of the data collection and preprocessing system and how data mining is used to generate intrusion detection rules. Chapter 5 describes the design and application of the data-mining-based network intrusion detection system. Chapter 6 summarizes the work done and points out the focus and direction of future research.
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree awarded]: 2005
[Classification number]: TP393.08
Article ID: 2332185
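[Citing literature]
Related master's theses (first 2)
1 Zhang Ya; Application of Data Mining Technology in Website Intrusion Detection [D]; Guizhou University; 2006
2 Wang Yingze; An Application of Data Mining Technology in Intrusion Detection Systems [D]; Harbin University of Science and Technology; 2007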
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2332185.html