Title: Research on Intrusion Detection System Based on Data Mining
Author: Liu Yingling
Advisor: Yang Shanlin
Degree: Master's
Major: Computer Application Technology
Institution: Hefei University of Technology
Pages: 59
File size: 2719k
Date: 2003-06-01
Source: http://www.lw23.com/lunwen_2702337/
Keywords: intrusion detection system, data mining, anomaly detection, misuse detection, pattern mining

Abstract: Today, as the wave of informatization sweeps the globe and computer networks and the Internet develop rapidly, information has become a key factor driving economic and social development. While people share resources to a high degree, they also face increasingly serious information security problems. In a network environment, how to ensure that system resources and data are accessed only with authorization, and are protected from malicious intrusion and damage, is a major question of information security and has increasingly become a focus of attention. For nearly twenty years, researchers at home and abroad have been studying the intrusion detection system, one of the core technologies of network security. Intrusion detection is a relatively new topic in the security field and the core of dynamic security, but many problems remain; in particular, intrusion detection systems that are adaptive and capable of self-learning are still immature. To address these problems, this thesis adopts a method of building an intrusion detection system based on data mining techniques. We discuss the key technical problems in implementing the system and their solutions.
We apply existing data mining algorithms for association analysis, sequential pattern analysis, and classification to the intrusion detection system. We extract features of intrusive behavior and build rules from them, then detect intrusions by processing audit data and matching it against these features, so as to form an intelligent intrusion detection system. At the end of this thesis, we implement a simple prototype by experimenting on misuse detection of connection (session) records and anomaly detection of user behavior profiles. Future research directions for intrusion detection systems are also summarized.