Research on an Intelligent Intrusion Detection System Based on Data Mining
Abstract
As networks become ever more widespread, they have penetrated every corner of social life. Networks bring people convenience, but they also bring a series of security problems. The intrusion detection system (IDS) is an important part of a network security architecture. As computer security problems become increasingly prominent, they place higher demands on intrusion detection systems. However, traditional intrusion detection systems fall short in effectiveness, adaptability, extensibility and self-learning ability.
     Data mining can extract useful information from large volumes of noisy, random data, and agent technology gives an intrusion detection system a clear system structure, good extensibility and portability. This paper studies the application of data mining and intelligent detection agents in intrusion detection systems and proposes an intrusion detection system framework based on data mining and agent technology. The prototype is designed around an architecture in which multiple agents communicate with one another and detect cooperatively; through this cooperative detection, a hierarchical defense architecture is built. The intelligence and mobility of mobile agents are used to migrate between network nodes and detect intrusions. The paper proposes an intrusion detection algorithm based on cluster analysis and SVM, which effectively reduces the training time on large-scale data and improves the detection speed of the SVM while maintaining classification accuracy.
