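Research on Matching Rules in Artificial Immune Detectors
【Author】 朱艳;
【Supervisor】 许家珆;
【Author information】 University of Electronic Science and Technology of China, Computational Mathematics, 2008, Master's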
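【Summary】 With the rapid development of the Internet, networks pervasively influence politics, the economy, culture, the military and social life, and network security has become a focus of shared concern for countries around the world. At present, the main technologies for achieving network security include intrusion detection, firewalls and secure routers. Because intrusion detection can identify the various known intrusions and some unknown ones reasonably well, it has become an important component of the P2DR (Policy, Protection, Detection, Response) security model and is one of the core technologies of dynamic security. Since Anderson proposed the intrusion detection model in the 1980s, intrusion detection technology has made great progress, but many shortcomings remain, such as a low detection rate, a relatively high false-negative rate, and detection speeds that cannot keep up with high-speed networks. To address the problems of current intrusion detection systems, this thesis focuses on three key techniques (feature extraction, matching algorithms and construction of the detector model) and obtains the following preliminary results. 1. Principal Component Analysis is used to extract intrusion detection features. The KDDCUP99 intrusion detection data set, which has 41 feature values, is reduced to 7 feature values. Comparative experiments show that detection on the data set reduced by principal component analysis is much faster while the detection rate does not change noticeably, demonstrating that this data-compression approach to intrusion feature extraction is feasible. 2. The intrusion detection matching algorithm is improved: building on the BM algorithm and the multi-pattern matching algorithm, an improved multi-pattern matching algorithm is proposed, and experimental results show that matching is markedly faster. 3. The problem of high redundancy among the detectors generated in the negative detection model is addressed, and principal component analysis and the improved multi-pattern matching algorithm are applied to it, yielding a new negative detection model.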
【Abstract】 Along with the rapid growth of the Internet, the network now influences society in politics, economics, culture, the military, social life and so on. Meanwhile, network security has become a focus for every country. At present, Internet security technology includes intrusion detection technology, firewalls, security routers and so on. Because intrusion detection systems (IDSs) have a relatively good ability to identify various sorts of intrusions, the IDS has become a main part of the P2DR (policy, protection, detection, response) security model. Since Anderson's conceptual model of intrusion detection in the 1980s, intrusion detection technology has made great progress, but it still has defects and disadvantages such as a low detection rate for novel attacks, a high frequency of false alarms, etc. To solve these difficult problems in intrusion detection, this dissertation focuses on feature extraction, the matching algorithm and the building of a detector model for intrusion detection, and makes some preliminary progress in the following aspects: 1. Principal Component Analysis (PCA) is studied. The 41-bit data are compressed to 7-bit data. A number of intrusion detection experiments are conducted with the KDDCUP99 dataset, and the results show that with PCA the data dimension is reduced markedly, the speed of detection is increased and the level of detection does not change noticeably, and that compressing these data is practicable. 2. A matching algorithm is improved. I put forward an advanced multi-pattern matching algorithm based on the BM algorithm and the multi-pattern matching algorithm. A large number of experiments on the advanced multi-pattern algorithm are conducted, and the results demonstrate that the speed of matching is increased markedly. 3. In building the detector, I improve the negative detection model, and this improved detector model applies Principal Component Analysis and the advanced multi-pattern matching algorithm. At last, an experiment shows that this detector model is practicable.
【Key words】 intrusion detection; artificial immune system; Principal Component Analysis; matching algorithm; detector model;