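Title: 动态分布式网络入侵模式分析 (Network Intrusion Pattern Analysis in Dynamic and Distributed Ways)
Author: 王燕国 (Wang Yanguo)
Degree type: Master of Engineering
Defense date: 2008-05-28
Degree-granting institution: Graduate School of the Chinese Academy of Sciences
Place conferred: Institute of Automation, Chinese Academy of Sciences
Advisor: 胡卫明 (Hu Weiming)
Keywords: intrusion detection; pattern recognition; machine learning; distributed detection; information security
Alternative title: Network Intrusion Pattern Analysis in Dynamic and Distributed Ways
Major: Computer Application Technology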
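Abstract (translated from the Chinese): With the rapid development of the Internet, information security has become one of the most serious problems affecting Internet applications. Intrusion detection is a key link in the information security protection system, and research on network intrusion pattern analysis is of great significance for advancing network technology and further improving network utilization efficiency.

This thesis studies intrusion pattern analysis algorithms in depth, addressing problems in existing algorithms and the new requirements that Internet applications place on intrusion detection technology. The main work and contributions are:

1. An intrusion pattern analysis algorithm based on online boosting is proposed, with improvements tailored to the particular characteristics of the intrusion detection problem. Compared with existing detection algorithms that are trained offline, this algorithm builds on the intrusion patterns already learned to learn and update new intrusion patterns quickly online while still achieving good detection results, and so adapts effectively to dynamic, changing network environments.

2. To handle the large difference between continuous and categorical features in network behavior data, computationally cheap weak classifiers are built separately on each feature dimension and then combined with the Adaboost algorithm, yielding a fast intrusion pattern analysis algorithm. In addition, the decision boundary is corrected by adjusting the initial weights of the training samples, which balances the detection rate and false alarm rate of the algorithm and improves detection accuracy.

3. To meet the new requirements that a distributed detection architecture places on intrusion pattern analysis, a distributed detection algorithm based on Gaussian mixture models and Adaboost is proposed. With only a small amount of data communication, the algorithm obtains an intrusion detection classifier that reflects the distribution of the globally observed network data. This greatly improves the detection capability of each distributed detection site and the speed of response to network intrusions, and it requires no external sharing of raw network behavior data, which protects users' data privacy.

Overall, this thesis makes a useful exploration of network intrusion pattern analysis in dynamic and distributed environments, and the work is of positive significance for promoting the development and application of network information security technology.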
English abstract: With the rapid development of the Internet, information security is becoming one of the most serious problems. Network intrusion detection is a crucial part of the whole information security protection system, so research on network intrusion pattern analysis is of great significance for advancing network techniques and further improving Internet utilization efficiency.

In this thesis, in order to solve some problems in existing intrusion detection algorithms and meet the new requirements arising from the development of the Internet, we study methods for intrusion pattern analysis. The main contributions of this thesis are the following:

1. We propose an improved online boosting based intrusion detection algorithm. Compared with existing intrusion detection algorithms, which are trained offline, our method can learn new intrusion patterns online quickly with good detection performance, so that the intrusion detection system adapts well to dynamically changing network environments.

2. Since continuous and categorical features differ greatly in network behavior data, we construct weak classifiers separately on each feature dimension and then generate a strong classifier based on the Adaboost ensemble scheme, resulting in an intrusion detection algorithm with low computational complexity. Meanwhile, by adjusting the initial weights of the training data, we can balance the detection rate and false alarm rate of the intrusion detector, which further improves detection accuracy.

3. In order to meet the requirements for intrusion detection in a distributed architecture, we propose a distributed detection algorithm based on Gaussian Mixture Models and the Adaboost ensemble. Our method can generate an intrusion detector reflecting the global intrusion observation data with very little communication cost, so that the detection ability of each distributed detection site is greatly improved, and no sharing of the original network data is needed, which protects the data privacy of network users.

In summary, in this thesis we have made many fruitful attempts and significant progress in research on network intrusion detection in dynamic and distributed network environments.
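Language: Chinese
Other identifier: 200528014628049
Content type: Thesis
Source URL: http://ir.ia.ac.cn/handle/173211/7446
Collection: Graduates, Master's theses
Recommended citation (GB/T 7714):
王燕国 (Wang Yanguo). 动态分布式网络入侵模式分析 (Network Intrusion Pattern Analysis in Dynamic and Distributed Ways) [D]. Institute of Automation, Chinese Academy of Sciences. Graduate School of the Chinese Academy of Sciences. 2008.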