Research on Intrusion Detection Based on Multiple Classifiers
Published: 2018-12-11 01:50
【Abstract】: With the rapid development and wide application of computer network technology, network security has drawn increasing attention. How to quickly and accurately identify both known attacks and the growing number of new attacks has become the main problem facing intrusion detection systems (IDS). Compared with traditional intrusion detection techniques, pattern recognition methods, with their good inference ability, can support the recognition of unknown intrusions that have not yet been described, which has injected new vitality into machine-learning-based intrusion detection. Traditional pattern recognition systems usually use only one classifier for recognition, so achieving ideal detection requires that this single classifier discriminate well over all sample features, a requirement that a single classifier can hardly meet. This thesis therefore applies multi-classifier combination techniques to intrusion detection in order to improve the detection performance of intrusion detection systems.

The main work of this thesis is as follows:

1. Building on previous research, this thesis proposes a multi-classifier selection algorithm Based on Accuracy and Diversity Measure (BADM), which improves overall detection accuracy by selecting base classifiers with high classification accuracy and large mutual diversity and combining them. Experiments on the KDD CUP99 data set show that the proposed BADM selection algorithm achieves good detection results: its overall accuracy is 0.3 percentage points higher than direct ensembling of all base classifiers and exceeds the result of the KDD CUP99 competition winner.

2. KDD CUP99 is the authoritative data set in intrusion detection research. This thesis preprocesses the data set, including quantization of symbolic feature values, normalization and feature selection. Feature subsets produced by different search methods are compared, and a genetic-algorithm-based feature selection method is finally adopted, yielding the training and test sets used in the experiments.

3. The widely used Snort intrusion detection system is improved by integrating the proposed BADM algorithm into Snort as a plug-in to raise Snort's detection performance. A Snort intrusion detection system based on multi-classifier combination is designed, and its overall architecture, the function of each module and their implementation are described in detail.

4. A Snort and Netfilter/Iptables linkage system based on multi-classifier combination is designed and implemented to address two weaknesses: an intrusion detection system cannot effectively block attacks on its own, and a firewall can only defend passively. The linkage system was tested, and the tests show that it can resist basic attacks and provides dynamic defense. The design therefore meets the network security defense needs of small and medium-sized enterprises and has positive significance for building a network security defense system.
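The abstract states the idea behind BADM (pick base classifiers that are both accurate and mutually diverse, then combine them) but not the measure or search it uses. The following is an added illustration written for this page, not the thesis's code: it assumes pairwise disagreement on a validation set as the diversity measure, a greedy search with an assumed accuracy-plus-weighted-diversity score, and majority voting for combination. The five base classifiers and the ten labelled validation samples are constructed so the arithmetic can be checked by hand; they stand in for models trained on a set such as KDD CUP99.

```python
"""
Toy BADM-style ensemble selection (constructed example, not the thesis's code).
Selects base classifiers that are both accurate and mutually diverse, then
combines them by majority vote, and compares the result with "direct
ensembling" of every base classifier.
"""

# Constructed validation labels: 1 = attack, 0 = normal.
Y_TRUE = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]

# Constructed predictions of five hypothetical base classifiers on Y_TRUE.
# (In a real system these would come from models trained on the training set.)
BASE_PREDICTIONS = {
    "A": [1, 1, 1, 1, 1, 0, 0, 0, 0, 1],  # accuracy 0.9
    "B": [1, 1, 1, 1, 1, 0, 0, 0, 1, 1],  # accuracy 0.8, errors overlap with A
    "C": [1, 1, 0, 1, 1, 0, 0, 0, 0, 0],  # accuracy 0.9, errs on different samples
    "D": [1, 0, 1, 1, 1, 1, 0, 0, 1, 0],  # accuracy 0.7, very different errors
    "E": [1, 1, 1, 1, 1, 1, 1, 1, 1, 1],  # accuracy 0.5, flags everything
}


def accuracy(pred, y_true):
    """Fraction of samples classified correctly."""
    return sum(p == t for p, t in zip(pred, y_true)) / len(y_true)


def disagreement(pred_a, pred_b):
    """Assumed diversity measure: fraction of samples on which two classifiers differ."""
    return sum(a != b for a, b in zip(pred_a, pred_b)) / len(pred_a)


def majority_vote(preds):
    """Combine classifier outputs by simple majority; a tie is resolved as 'attack'."""
    n = len(preds)
    return [1 if sum(col) * 2 >= n else 0 for col in zip(*preds)]


def select_classifiers(predictions, y_true, k=3, min_accuracy=0.7, weight=0.6):
    """Greedy accuracy-plus-diversity selection (assumed scoring, not the thesis's).

    1. Discard classifiers below min_accuracy (diverse but useless members only add noise).
    2. Seed the ensemble with the most accurate survivor.
    3. Repeatedly add the candidate maximising
           accuracy + weight * mean disagreement with the members already chosen,
       until k classifiers are selected.
    """
    accs = {name: accuracy(p, y_true) for name, p in predictions.items()}
    pool = [name for name, acc in accs.items() if acc >= min_accuracy]
    selected = [max(pool, key=lambda name: accs[name])]
    pool.remove(selected[0])
    while pool and len(selected) < k:
        def score(name):
            mean_div = sum(disagreement(predictions[name], predictions[s])
                           for s in selected) / len(selected)
            return accs[name] + weight * mean_div
        best = max(pool, key=score)
        selected.append(best)
        pool.remove(best)
    return selected


def ensemble_accuracy(names, predictions, y_true):
    """Accuracy of the majority-vote ensemble formed from the named classifiers."""
    return accuracy(majority_vote([predictions[n] for n in names]), y_true)


if __name__ == "__main__":
    chosen = select_classifiers(BASE_PREDICTIONS, Y_TRUE)
    everyone = list(BASE_PREDICTIONS)
    print("selected:", chosen,
          "accuracy:", ensemble_accuracy(chosen, BASE_PREDICTIONS, Y_TRUE))
    print("direct ensemble of all:", everyone,
          "accuracy:", ensemble_accuracy(everyone, BASE_PREDICTIONS, Y_TRUE))
```

On this constructed data the best single classifier reaches 0.9, direct majority voting over all five drops to 0.8 because the weak, correlated members outvote the good ones on two samples, and the selected trio A, C, D reaches 1.0: its members' errors fall on different samples, so each mistake is outvoted. The weight, threshold and ensemble size are tuning choices; in practice they would be set on a validation split rather than the test set.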
【Degree-granting institution】: Beijing University of Posts and Telecommunications (北京邮电大学)
【Degree level】: Master
【Year conferred】: 2014
【Classification number】: TP393.08
Article number: 2371634
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2371634.html