Research on the Application of Data Mining in Intrusion Detection Systems
Abstract
As society becomes ever more information-driven, human society has grown increasingly dependent on computer networks. At the same time, the security problems that arise from the inherently open and shared nature of computer networks have become increasingly prominent. Ensuring that these vast networks operate normally, securely, efficiently and stably has become an urgent priority. Intrusion detection technology emerged to meet this need: following traditional security technologies such as firewalls and data encryption, it is a new kind of network security safeguard. Unlike earlier security technologies, which are triggered passively, intrusion detection is an active detection technology and a necessary complement to traditional technologies such as firewalls; its application will greatly improve the ability to defend against network threats.
     This thesis studies intrusion detection technology based on data mining. It presents the basic principles of intrusion detection and data mining in detail and analyzes in depth the data mining algorithms commonly applied in intrusion detection systems, with the Apriori algorithm as the main focus. Aiming to make the detection algorithm more effective at recognizing intrusions and to lower the false positive and false negative rates, the thesis proposes an improvement to the traditional Apriori algorithm and verifies its soundness experimentally. The improved algorithm eliminates the influence of certain meaningless rules on the result, raises system efficiency and makes the algorithm better suited to intrusion detection systems. Finally, the thesis proposes an intrusion detection model based on the improved algorithm and analyzes and explains how it works.
With the continuous development of the information society, human society has become increasingly dependent on computer networks. At the same time, computer network security issues, caused by the open and shared characteristics of the network itself, have become increasingly prominent.
     Ensuring that this huge network operates in a normal, safe, efficient and smooth way has become a top priority. Intrusion detection technology has come into being as a new network security technology following the traditional security technologies of firewalls and data encryption. Unlike earlier, passive security technologies, intrusion detection is a proactive detection technology and a necessary complement to traditional firewall technology. Applying intrusion detection technology will greatly enhance network security.
     This paper focuses on intrusion detection technology based on data mining. It describes the basic principles of intrusion detection and data mining techniques and analyzes the main data mining algorithms used in intrusion detection systems.
     The Apriori data mining algorithm is the main subject of the paper. We improve the traditional Apriori algorithm, focusing on detection efficiency and on two indicators, the false positive and false negative rates, to improve the effectiveness of intrusion identification.
     Excluding some trivial rules that have little effect on the outcome raises the efficiency of the system and makes it more applicable to intrusion detection systems; the effectiveness is demonstrated experimentally in the paper. At the end of the paper, we propose an intrusion detection model based on the improved algorithm and illustrate and analyze its working principle.

© 2004-2018 China Geological Library. All rights reserved. 京ICP备05064691号 京公网安备11010802017129号