Title: Research on Machine Learning Methods for Internet Intrusion Detection
Alternative title: Research on Machine Learning Methods in Network Intrusion Detection
Author: 胡卫
Degree type: Master of Engineering
Advisor: 胡卫明
Date: 2006-05-30
Degree-granting institution: 中国科学院研究生院 (Graduate School of the Chinese Academy of Sciences)
Degree-granting location: 中国科学院自动化研究所 (Institute of Automation, Chinese Academy of Sciences)
Discipline: Pattern Recognition and Intelligent Systems
Keywords: Intrusion Detection; Machine Learning; Supervised Learning; Unsupervised Learning; Active Learning; Adaboost; Spectral Clustering; Dominant Set Clustering
Abstract (translated from Chinese): With the rapid development of the Internet, information security has become one of the most serious problems affecting network applications. Intrusion detection is an indispensable part of any information security protection system, and research on Internet intrusion detection is of great significance for advancing network technology and further improving network utilization efficiency. The task of Internet intrusion detection is to distinguish normal network behaviour from attack behaviour on the Internet and, beyond that, to distinguish different kinds of network attacks from one another. Traditional intrusion detection mainly relies on methods from signal analysis or statistics, but this traditional approach cannot keep up with the diversity of network behaviour and the rapid evolution of attack techniques. In recent years, applying the theory and methods of machine learning to intrusion detection has become a hot research topic. Oriented to the field of intrusion detection, this thesis studies several machine learning methods that are currently popular internationally, covering supervised learning, unsupervised learning and active learning. In summary, the main work and contributions of this thesis are:
1. A supervised-learning-based intrusion detection system designed and implemented with the discrete Adaboost algorithm. Using an improved initial weight setting and a simple strategy for avoiding overfitting, our Adaboost-based intrusion detection system substantially reduces the false alarm rate while maintaining a high detection rate. At the same time, the system has low computational complexity and can be retrained frequently to cope with complex and changing network environments, so it is very promising for practical use.
2. Unsupervised-learning-based intrusion detection systems designed and implemented with the multiclass spectral clustering algorithm and the dominant set clustering algorithm respectively. We adopt a voting strategy over multiple clustering containers to partly offset the low accuracy that results from the limited capacity of each clustering container. Experimental results show, however, that neither algorithm used alone achieves satisfactory detection results.
3. An unsupervised active learning framework, on which a hierarchical clustering active learning intrusion detection system is designed and implemented. Dominant set clustering and spectral clustering complement each other in this system, which maintains good detection performance while greatly reducing the manual labelling burden. Our active learning framework is highly extensible and flexible, can to a large extent solve the semantic gap problem, and simulates the human cognitive process; it is worth further in-depth study.
In summary, this thesis makes some useful explorations both of machine learning methods themselves and of their application to Internet intrusion detection.
Abstract (English): With the breakneck development of the Internet, the information security threat is becoming one of the most crucial problems. In the whole information security protection system, Network Intrusion Detection (NID) is one of the indispensable parts, so it is essential to do research on NID for advancing network techniques and further improving Internet utilization efficiency. NID aims at distinguishing normal behaviours from attacks on the Internet. Furthermore, different types of attacks have to be distinguished from each other. In recent years, applying the theories and methods of machine learning to NID has become a hot research area. In this thesis, based on the practical application of NID, we study several prevailing methods in machine learning, including supervised learning methods, unsupervised learning methods and active learning methods. The main contributions of this thesis are the following:
1. We design and implement a Network Intrusion Detection System (NIDS) based on the Adaboost algorithm. With an improved setting of the initial weights and a simple strategy to avoid overfitting, our Adaboost-based NIDS achieves a very low false positive rate while keeping a relatively high detection rate. Meanwhile, this NIDS has low computational complexity, which makes it possible for the system to be retrained frequently in complicated and changeable network environments. So it is very promising that this NIDS will be used in practice.
2. We design and implement NIDSs based on unsupervised learning, using the multiclass spectral clustering algorithm and the dominant set clustering algorithm respectively. A voting strategy is used to offset, to some extent, the low clustering accuracy caused by the size limit of the clustering cases. But the objective experimental results show that it is not a very good idea to use these two algorithms separately in NID.
3. We propose an unsupervised-based active learning framework and implement a hierarchical clustering active learning system. In our system, dominant set clustering and spectral clustering are designed to complement each other, leading to a large reduction in human labelling effort and competitive detection results. The advantages of our active learning framework include the following: 1) it can be easily extended; 2) it has high flexibility; 3) it can to a large extent solve the semantic gap problem; 4) it simulates the learning process of human beings. We believe that with these strengths the proposed active learning framework is well worth developing further.
In a word, in this thesis we have made many fruitful attempts and significant progress in research on machine learning and its application to network intrusion detection.
Call number: XWLW976
Other identifier: 200328014604127
Language: Chinese
Document type: Thesis
Item identifier: http://ir.ia.ac.cn/handle/173211/7379
Collection: Graduates_Master's Theses
Recommended citation
GB/T 7714
胡卫. 面向互联网入侵检测的机器学习方法研究[D]. 中国科学院自动化研究所. 中国科学院研究生院,2006.
Files in this item
File name/size | Document type | Version type | Access type | License
CASIA_20032801460412(811KB) | Not yet open | CC BY-NC-SA | Request full text