【作者】 范荣真；

【导师】 杨东勇；

【作者基本信息】 浙江工业大学 ， 计算机应用技术， 2004， 硕士

【摘要】 本文针对入侵检测系统展开了相关的研究。首先分析了入侵检测领域的当前发展状况、存在的问题。当前入侵检测系统的误报率高的主要原因是：仅仅由单一的检测手段得到的不完善的信息而没有充分考虑各种检测信息，容易得出不正确的结论。为了解决这个问题，根据信息融合理论，构建了基于信息融合的入侵检测系统的结构模型。首先通过多种检测手段获得同一对象的多源检测信息，也就是实现了信息融合的目标配对；然后根据信息融合的目标关联理论将同一对象的本次检测信息与以前的检测信息进行关联，最后利用证据推理中的Dernpster—Shafer证据合成公式的良好合成性进行融合计算并得出综合检测结论。最后，通过仿真实验比较了证据推理方法与可信度方法的融合计算结果，验证了证据推理在入侵检测中的应用可行性。结果表明，基于信息融合思想的入侵检测系统，不仅可以降低信息的冗余度；而且进行适当融合计算能够提高检测结果准确性，降低系统误报率；另外，具有一定的容错能力。因此，信息融合在入侵检测中具有很大的应用前景。更多还原

【Abstract】 The intrusion detection in networks is studied in the thesis. Firstly, the development situation and the existing problems in the field of the intrusion detection are analyzed. Thereby the dominating factors to affect the information of the Intrusion Detection System (IDS) are carried out, it is too difficult to obtain a perfect conclusion based on a detection information without considering another different detection information. Secondly, to solve the problem, a model of IDS based on information fusion theory is designed, the multisensor detection information for the same object is obtained, the object matching for information fusion is completed, and then the current detection information is associated with the previous information based on the information fusion theory, therefore the fused detection information is obtained by using the Dempster-Shafer evidence composition algorithm. Finally, the feasibility to use the evidence reasoning into IDS is validated according to the simulation results. The simulation results indicate that the IDS based on information fusion can not only decrease the information redundancy, butalso increase the detection veracity and reduce the misinformation of the system, meanwhile it has the error tolerance capacity. Therefore, there is a wide application foreground for the IDS with information fusion.更多还原