An Application of Data Mining Technology in Intrusion Detection Systems
Abstract

With the rapid development of network technology, computer networks have spread into every field of human activity, and their influence on the economy and on daily life keeps growing. Network security has accordingly drawn wider and wider attention, and security-related technologies and products keep emerging. Faced with a serious threat situation, effective network security assurance technology is urgently needed.

Intrusion detection has been a focus of network security research at home and abroad for nearly twenty years. It is a comparatively new topic in the security field and the core of dynamic security, but many problems remain; in particular, intrusion detection systems with adaptive and self-learning capability are still immature. To address these problems, the thesis introduces the basic concepts, principles and structure of intrusion detection and of data mining, proposes a model for an intrusion detection system built on data mining technology, and discusses the key technologies of its implementation and how they were solved. Existing data mining algorithms for association analysis, sequential pattern analysis and classification are applied to intrusion detection: features are extracted from intrusion behaviour and rules built from them, and audit data are processed and matched against those features to form an intelligent intrusion detection system. Finally, misuse detection based on connection (session) records and anomaly detection based on user behaviour are tested, and a simple prototype is implemented.
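The two detection modes the abstract describes, in miniature: association rules mined from labelled connection records for misuse detection, and a frequency profile plus length-2 sequential patterns of one user's shell commands for behaviour-based anomaly detection. This is an added example, not the thesis's own code or data. The record attributes (`service`, `flag`, `bytes`, `same_host`), the `low`/`high` discretisation, the `syn_flood` label, the command names and every record are constructed for illustration; the rule miner is a deliberately small Apriori-style search over antecedents of at most two items.

```python
"""Toy data-mining IDS: association rules over connection records for misuse
detection, and a per-user command profile for behaviour-based anomaly detection.
Added example with constructed data; not code from the thesis."""
from collections import Counter
from itertools import combinations

# Constructed connection (session) records. The attribute names and the
# discretised values ("low"/"high") are assumptions for illustration; 'label'
# is the audit outcome the misuse rules are learned from.
RECORDS = [
    {"service": "http",   "flag": "SF", "bytes": "low",  "same_host": "low",  "label": "normal"},
    {"service": "http",   "flag": "SF", "bytes": "high", "same_host": "low",  "label": "normal"},
    {"service": "smtp",   "flag": "SF", "bytes": "low",  "same_host": "low",  "label": "normal"},
    {"service": "ftp",    "flag": "SF", "bytes": "high", "same_host": "low",  "label": "normal"},
    {"service": "http",   "flag": "S0", "bytes": "low",  "same_host": "high", "label": "syn_flood"},
    {"service": "http",   "flag": "S0", "bytes": "low",  "same_host": "high", "label": "syn_flood"},
    {"service": "smtp",   "flag": "S0", "bytes": "low",  "same_host": "high", "label": "syn_flood"},
    {"service": "telnet", "flag": "S0", "bytes": "low",  "same_host": "high", "label": "syn_flood"},
]


def record_items(rec):
    """A record as a set of (attribute, value) items, label excluded."""
    return frozenset((k, v) for k, v in rec.items() if k != "label")


def mine_rules(records, min_support=0.25, min_confidence=0.9, max_len=2):
    """Apriori-style mining of rules X -> label.

    support    = fraction of records containing X together with the label
    confidence = P(label | X)
    Antecedents are limited to max_len items to keep the search small."""
    n = len(records)
    ante_count, joint_count = Counter(), Counter()
    for rec in records:
        items = sorted(record_items(rec))
        for k in range(1, max_len + 1):
            for combo in combinations(items, k):
                x = frozenset(combo)
                ante_count[x] += 1
                joint_count[(x, rec["label"])] += 1
    rules = []
    for (x, label), joint in joint_count.items():
        support, confidence = joint / n, joint / ante_count[x]
        if support >= min_support and confidence >= min_confidence:
            rules.append((x, label, support, confidence))
    # Most confident first, then most supported, then the most general antecedent.
    rules.sort(key=lambda r: (-r[3], -r[2], len(r[0])))
    return rules


def classify(rec, rules):
    """Misuse detection: the first rule whose antecedent matches wins; None means
    the record matches no learned pattern (the gap anomaly detection must cover)."""
    items = record_items(rec)
    for x, label, _, _ in rules:
        if x <= items:
            return label
    return None


# Constructed audit trail: shell commands from one user's normal sessions.
NORMAL_SESSIONS = [
    ["ls", "cd", "vim", "make", "ls"],
    ["cd", "ls", "git", "vim", "make"],
    ["ls", "git", "vim", "vim", "make"],
]


def build_profile(sessions):
    """Relative frequency of each command in the user's normal behaviour."""
    counts = Counter(cmd for s in sessions for cmd in s)
    total = sum(counts.values())
    return {cmd: c / total for cmd, c in counts.items()}


def frequent_sequences(sessions, min_support=0.6):
    """Length-2 sequential patterns: adjacent command pairs that occur in at
    least min_support of the sessions."""
    pair_sessions = Counter()
    for s in sessions:
        for pair in set(zip(s, s[1:])):
            pair_sessions[pair] += 1
    return {p for p, c in pair_sessions.items() if c / len(sessions) >= min_support}


def anomaly_score(profile, session, rare=0.05):
    """Fraction of the session's commands this user never or rarely runs;
    0.0 is fully profile-conformant, 1.0 entirely foreign."""
    return sum(1 for cmd in session if profile.get(cmd, 0.0) < rare) / len(session)


if __name__ == "__main__":
    rules = mine_rules(RECORDS)
    for x, label, sup, conf in rules[:5]:
        print(f"{dict(x)} -> {label}  support={sup:.2f} confidence={conf:.2f}")
    unseen = {"service": "pop3", "flag": "S0", "bytes": "low", "same_host": "high"}
    print("pop3 half-open burst ->", classify(unseen, rules))
    profile = build_profile(NORMAL_SESSIONS)
    print("frequent pairs:", frequent_sequences(NORMAL_SESSIONS))
    print("score of ['wget','chmod','./x','ls']:",
          anomaly_score(profile, ["wget", "chmod", "./x", "ls"]))
```

Two points the abstract's wording glosses over show up when this runs. A mined rule such as `flag=S0 -> syn_flood` generalises to a service never seen in training (the `pop3` record), which is what distinguishes learned rules from hand-written signatures, but a record that shares no frequent, confident itemset with any training record gets `None`, and that residue is exactly what the user-behaviour anomaly detector is there for. The `min_support` and `min_confidence` thresholds are the false-positive dial: `bytes=low` alone is rejected here because only two thirds of such connections were attacks. On real audit data, continuous features (byte counts, connection counts per host) must be discretised before itemset mining, and the profile should be rebuilt per user and refreshed over time, since a stale profile turns legitimate new behaviour into alerts.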