数据挖掘在入侵检测系统中的应用研究

发布时间：2018-01-25 02:44

本文关键词： 入侵检测数据挖掘关联规则遗传算法　出处：《中南大学》2005年硕士论文　论文类型：学位论文

【摘要】：网络安全是一个十分复杂的问题,它涉及到网络工程的许多方面,如网络技术、网络协议、入侵检测系统的构建和加密算法等。本文主要研究了基于数据挖掘的入侵检测技术这个课题。从论文的结构来看,第一章简单回顾了网络安全技术的发展过程,论述了入侵检测及其相关算法的研究现状,对本论文的章节安排和论文的研究思路做了介绍。第二章论述了入侵检测技术的基本概念、检测模式,以及入侵检测的通用模型,阐述了现有入侵检测系统的不足。第三章论述了数据挖掘技术的许多方法,重点分析了关联规则分析方法和遗传算法分析方法,目的是为后面对此两种算法的进一步研究和应用做铺垫。第四章在对基于数据挖掘的入侵检测系统的结构和功能的分析基础上,提出了要解决的两个关键问题是误报、漏报问题和检测速度的问题。在分析Apriori算法的基础上,提出了对Apriori算法的改进办法。进一步论述了加权关联规则算法及其入侵检测中的具体实现。在论述了把遗传算法应用到入侵检测系统中的基础上,本文提出了基于关联规则和遗传算法的复合入侵检测模型及其实现办法,这是本论文的一个创新之处。第五章针对目前基于数据挖掘的入侵检测中的一些问题,提出了分级数据挖掘入侵检测模型及实现办法,此方法把数据挖掘分级实行,把规则库分为两类,通过规则管理器动态进行调整。实验表明此方法可以有效地提高入侵检测的效率。第六章阐述了校园网安全体系的构建方法。重点论述了通过网络如何建立一个免费的入侵检测系统。最后分析了基于数据挖掘的入侵检测技术的发展方向。
[Abstract]:Network security is a very complex problem . It involves many aspects of network engineering , such as network technology , network protocol , construction of intrusion detection system , encryption algorithm , etc . This paper mainly studies the technology of intrusion detection based on data mining . From the structure of the paper , the first chapter briefly reviews the development process of network security technology , discusses the research status of intrusion detection and its related algorithms , and introduces the chapter arrangement and the research thinking of the thesis . In the second chapter , the basic concept , the detection mode and the general model of intrusion detection are discussed , and the shortcomings of the existing intrusion detection system are expounded . In chapter 3 , the methods of data mining are discussed , the correlation rule analysis method and genetic algorithm analysis method are analyzed , and the purpose of this paper is to pave the way for further research and application of the two algorithms . In chapter 4 , based on the analysis of the structure and function of the intrusion detection system based on data mining , two key problems to be solved are the problems of false positives , leakage problems and detection speed . On the basis of analyzing the Apriori algorithm , this paper presents an improved approach to the Apriori algorithm . In the fifth chapter , aiming at some problems in intrusion detection based on data mining , this paper puts forward a classification data mining intrusion detection model and its implementation method . The method divides data mining into two categories , which are dynamically adjusted by rule manager . Experiments show that the method can effectively improve the efficiency of intrusion detection . Chapter 6 describes the construction method of campus network security system , and discusses how to establish a free intrusion detection system through the network . Finally , the development direction of intrusion detection technology based on data mining is analyzed .

【学位授予单位】：中南大学
【学位级别】：硕士
【学位授予年份】：2005
【分类号】：TP393.08

【参考文献】