National Digital Library of Theses and Dissertations in Taiwan

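Graduate student: 楊國樺
Graduate student (English name): Kuo-Hua Yang
Thesis title (Chinese): 結合隱藏式馬可夫模型與簡單貝氏網路分類器應用於入侵偵測系統
Thesis title (English): Intrusion Detection Systems based on Hybrid Hidden Markov Models and Naïve Bayes Classifiers
Advisor: 鮑興國
Degree: Master's
Institution: National Taiwan University of Science and Technology
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and computer engineering
Thesis type: Academic thesis
Year of publication: 2006
Graduation academic year: 94
Language: Chinese
Number of pages: 53
Keywords: intrusion detection systems; hidden Markov models; naive Bayes classifiers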
Statistics:
  • Cited by: 14
  • Views: 590
  • Downloads: 97
  • Bookmarked: 2
In today's interconnected networks, where attack patterns grow more complex by the day, network administrators generally rely on firewalls as their information security safeguard. A firewall can only perform passive packet-filtering defense and cannot cope with today's complex and changing attack patterns, so building an intrusion detection system to complement the firewall is the way to improve information security. Hidden Markov Models are often used for intrusion detection because the datasets involved are mostly sequence data. In particular, we can build an anomaly intrusion detection system around a model of normal behavior, where the data used to build that model can come from the abundant system calls the system generates in response to user behavior. On the other hand, because ordinary Hidden Markov Models perform better when each state emits a scalar symbol, we use simple Hidden Markov Models. In many cases, Naïve Bayes Classifiers are simple, fast, and effective for handling multi-dimensional datasets. In this thesis we therefore propose an intrusion detection system architecture whose core technique combines Hidden Markov Models with Naïve Bayes Classifiers. Finally, in the experimental part, our system is evaluated on the KDD Cup 99 dataset. In that evaluation, our system achieves a higher detection rate on U2R and R2L attacks than the KDD Cup 99 winner.
1 Introduction
1.1 Research Background and Motivation
1.2 Research Methods and Results
1.3 Thesis Organization
2 Related Research and Development
2.1 Introduction to Intrusion Detection Systems
2.1.1 Origin and Development of Intrusion Detection Systems
2.1.2 Classification of Intrusion Detection Systems
2.2 Existing Methods
3 System Architecture
3.1 Hidden Markov Models
3.1.1 Forward and Backward Algorithm
3.1.2 Baum-Welch Algorithm
3.1.3 Viterbi Algorithm
3.2 Naïve Bayes Classifiers
3.2.1 Introduction to Naïve Bayes Classifiers
3.2.2 Probability Estimation for Naïve Bayes Classifiers
3.3 Multi-dimensional Hidden Markov Classifiers
3.3.1 Combining Hidden Markov Models with Naïve Bayes Classifiers
3.3.2 Combining Hidden Markov Models with Support Vector Machines
3.4 Handling Unlabeled Datasets
3.4.1 Combining Hidden Markov Models with Gaussian Mixture Models
4 Experiments and Analysis
4.1 Data Description and Processing
4.2 Experimental Results
5 Conclusion
5.1 Discussion
5.2 Future Work