"Global Information Extraction for Intrusion Detection Based on Data Mining" - Graduation Thesis (Design).doc
HUNAN UNIVERSITY
Graduation Project (Thesis)
Project (Thesis) Title: Global Information Extraction for Intrusion Detection Based on Data Mining
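Abstract
When current intrusion detection systems (Intrusion Detection System, IDS) use user behavior characteristics to build normal or abnormal patterns, they do not make good use of data mining techniques, so the user behavior characteristics and intrusion pattern features they extract do not reflect the actual situation well. In addition, the normal or abnormal patterns they build are not complete enough, which easily leads to false alarms or loopholes and causes losses to the network system. Moreover, most of them detect intrusions with manually generated attack features, which makes intrusion detection systems slow and expensive to update. Data mining has a great advantage in extracting user behavior features. Based on the characteristics of IDS, this thesis applies data mining techniques to IDS and designs a data mining-based IDS structural model that overcomes the high false alarm rate of general intrusion detection systems. The model first extracts rules from training data and then uses these rules to detect new intrusions. The experimental results show that applying data mining to intrusion detection systems is effective: rules and the system are updated quickly and cheaply, and the detection rate is high.
Keywords: network security, intrusion detection, feature detection, data mining, clustering algorithm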
Global Information Extraction for Intrusion Detection Based on Data Mining
Abstract
When existing intrusion detection systems (Intrusion Detection System, IDS) use the characteristics of user behavior to create normal or abnormal patterns, they do not make good use of data mining technology, so the extracted user behavior characteristics and intrusion pattern features do not reflect the actual situation well. In addition, the normal or abnormal patterns that are established are not perfect, which easily leads to false positives or loopholes and causes losses to the network system. Furthermore, most of them detect intrusions using manually generated attack features, which makes intrusion detection systems slow to update and more expensive. Data mining has a great advantage in extracting user behavior features. Based on the characteristics of IDS, this paper applies data mining technology to IDS and designs a data mining-based IDS model that overcomes the high false alarm rate of general intrusion detection systems. The model first extracts rules from the training data and then uses these rules to detect new intrusions. The experimental results show that applying data mining to intrusion detection systems is effective: rule updates and system updates are faster and cheaper, and the detection rate is higher.
Key Words: network security, intrusion detection, feature detection, data mining, clustering algorithm