An Application of Data Mining Technique on Intrusion Detection System (一种数据挖掘技术在入侵检测系统中的应用)

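【Author】 Wang Yingze (王英泽)

【Supervisor】 Qiao Peili (乔佩利)

【Author information】 Harbin University of Science and Technology, Computer Application Technology, 2007, Master's thesis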

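【摘要 (Abstract)】 With the rapid development of network technology, computer networks are widely used in every field of human activity, networks have an ever greater influence on the economy and on people's lives, and network security problems are receiving more and more attention. Faced with a severe network security situation, effective network security assurance technology is urgently needed. Intrusion detection is one of the core network security technologies that has been studied at home and abroad for nearly twenty years. It is a relatively new topic in the security field and the core of dynamic security, but many problems remain; in particular, intrusion detection systems with adaptive and self-learning capabilities are still immature. To address these problems, this thesis introduces the basic concepts, principles and structure of intrusion detection and data mining, adopts a method of building an intrusion detection system based on data mining, and discusses the key technologies in implementing the system and their solutions. Existing data mining algorithms (association analysis, sequential pattern analysis and classification) are applied to the intrusion detection system: features are extracted from intrusion behaviour and rules are built, and processed audit data is matched against these features to form an intelligent intrusion detection system. Finally, misuse detection based on connection (session) records and anomaly detection based on user behaviour are tested, and a simple prototype is implemented.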

【Abstract】 With the rapid development of network technology, the computer network is applied extensively to every field of human activity, and the impact of the network on the social economy and on people's lives grows greater and greater. The security of the network receives more and more extensive concern, and various kinds of technology and products related to network security are emerging constantly. So it is urgent to establish a network security assurance system, and this has been a focus of research. For nearly twenty years, research on intrusion detection, the core of network security, has been done at home and abroad. Intrusion detection is a relatively new topic in information security, but it still has many problems, especially in self-adaptation and self-learning. To solve these problems, this thesis introduces the elementary concepts, principles and structure of intrusion detection and data mining technology, and proposes a new model for an intrusion detection system based on data mining technology. We apply some existing algorithms for association analysis, sequence pattern analysis and data classification to the intrusion detection system. Moreover, we extract characteristics of intrusion behaviors and set up rules on them. We detect intrusion actions by analyzing the audit data and by pattern recognition, to form an intelligent detection system. Finally, misuse detection based on connection (session) records and anomaly detection based on user actions are tested, and a simple model is implemented.

  • 【Classification code】TP393.08;TP311.13
  • 【Times cited】6
  • 【Downloads】331