National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Detailed Record

Author: 楊博仁
Author (English): Bo-Ren Yang
Title (Chinese): 基於支持向量機之雙層式網路流量異常偵測系統
Title (English): Two-tier Network Traffic Anomaly Detection System with Support Vector Machine
Advisor: 王智弘
Advisor (English): Chih-Hung Wang
Degree: Master
Institution: National Chiayi University (國立嘉義大學)
Department: Graduate Institute of Computer Science and Information Engineering (資訊工程學系研究所)
Discipline: Engineering
Field: Electrical and Information Engineering
Type: Academic thesis
Year of publication: 2008
Academic year of graduation: 96 (ROC calendar, i.e. 2007-2008)
Language: Chinese
Pages: 61
Keywords (Chinese): 入侵偵測系統; 異常偵測; 雙層式異常偵測系統; 支持向量機
Keywords (English): Intrusion detection system; anomaly detection; two-tier anomaly detection; Support Vector Machine
Cited by: 0; Views: 367; Downloads: 3; Bookmarked: 0
Abstract (translated from the Chinese)

Research on intrusion detection systems (IDS) has in recent years concentrated on anomaly detection, but anomaly detection still faces two bottlenecks: weak detection performance and a high false-positive rate. This thesis therefore proposes a two-tier anomaly detection system that works on packet-level information from network traffic. A support vector machine (SVM) is combined with an existing network anomaly detection module, and a feature-selection step is added, so that the overall detection rate is raised while the false-positive rate stays within the accepted range. The experiments use the DARPA 1999 dataset so that the system is evaluated in a standard, public way. In addition, real network traffic was collected from the Information Security Laboratory of the Department of Computer Science and Information Engineering, National Chiayi University, and from Testbed@TWISC at National Cheng Kung University, and mixed with the DARPA 1999 dataset to train the advanced system model. The experimental results indicate that the system is applicable to the analysis of real network traffic.

The main contributions of this thesis are: (1) it effectively mitigates the high false-positive rate and low detection rate of anomaly detection systems; (2) it is applicable to the analysis of real network traffic.

Abstract (English)

In recent years, research on intrusion detection systems (IDS) has focused mainly on anomaly detection. However, anomaly detection has a critical problem: neither its detection rate nor its false-positive rate is yet acceptable in practice. In this thesis, a two-tier anomaly detection system, combining a traditional anomaly detection method with a Support Vector Machine (SVM) and coupled with a feature-selection procedure, is proposed to improve both the false-positive rate and the detection rate. To evaluate the proposed system in a standardized way, the DARPA 1999 dataset is used in the experiments. Moreover, real network traffic collected from the ISLab of CSIE@NCYU and the Testbed of TWISC@NCKU is mixed with the DARPA 1999 dataset for advanced model training, which allows the proposed system to reach better detection rates in a real network environment.

There are two main contributions in this thesis: (1) improved false-alarm and detection rates in anomaly detection, and (2) a model that is applicable to the analysis of real network traffic.
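The architecture the abstract describes, as an added illustration that is not the thesis's own code: a first-tier packet-byte novelty scorer in the spirit of NETAD (Mahoney [18]; only its n/r novelty term is used here, which is an assumption about the thesis's module) raises candidate packets with a deliberately low threshold, and a second-tier linear SVM, trained on labelled normal and attack packets, decides which candidates become alerts. The traffic, the seven header fields modelled, the threshold, the feature scaling and the SVM training routine (dual coordinate descent, a small stand-in for LIBSVM) are all constructed for the example; the feature-selection step the thesis also performs is not shown.

```python
"""Two-tier network traffic anomaly detector: a NETAD-style packet-byte novelty
scorer (tier 1) feeding a linear SVM over header features (tier 2). Added example,
not the thesis's code. Assumed: tier 1 keeps only NETAD's n/r term over seven header
positions; tier 2 is a linear L1-loss SVM fitted by dual coordinate descent; every
packet below is constructed for illustration."""
from collections import namedtuple
Packet = namedtuple("Packet", "proto dport flags length ttl")

def normal_traffic():
    """Constructed attack-free traffic, standing in for the clean training data."""
    pkts = []
    for ttl in (64, 128):
        for flags in (0x02, 0x10, 0x18):  # SYN, ACK, PSH|ACK to a web server
            pkts += [Packet(6, 80, flags, n, ttl) for n in (40, 52, 576, 1500)]
        pkts += [Packet(17, 53, 0x00, n, ttl) for n in (60, 72, 84, 96, 108, 120)]  # DNS
    return pkts

def attack_traffic():
    """Constructed probes: SYN scans from a TTL-255 scanner and all-flags probes."""
    pkts = [Packet(6, p, 0x02, 40, 255) for p in (21, 22, 23, 25, 110, 139, 445)]
    return pkts + [Packet(6, 80, 0x3F, 40, ttl) for ttl in (64, 128)]

def header_bytes(p):
    """Header positions modelled by tier 1 (source port left out as high-entropy)."""
    return (p.proto, p.dport >> 8, p.dport & 0xFF, p.flags, p.length >> 8, p.length & 0xFF, p.ttl)

class ByteNoveltyModel:
    """Tier 1: a packet scores n/r per position holding a never-seen value (n = training
    packets, r = distinct values seen there); NETAD's time-since-last-anomaly factor is omitted."""
    def __init__(self, packets):
        self.n = len(packets)
        self.seen = [set() for _ in range(7)]
        for p in packets:
            for i, b in enumerate(header_bytes(p)):
                self.seen[i].add(b)
    def score(self, p):
        return sum(self.n / len(self.seen[i])
                   for i, b in enumerate(header_bytes(p)) if b not in self.seen[i])

def features(p):
    """Tier-2 feature vector: header fields scaled to [0, 1] plus a constant bias input."""
    return [p.proto / 255, p.dport / 65535, p.flags / 63, p.length / 1500, p.ttl / 255, 1.0]

class LinearSVM:
    """Linear L1-loss SVM fitted by dual coordinate descent (Hsieh et al., ICML 2008)."""
    def __init__(self, C=1000.0, passes=2000):
        self.C, self.passes, self.w = C, passes, None
    def fit(self, X, y):
        self.w = [0.0] * len(X[0])
        alpha = [0.0] * len(X)
        Q = [sum(v * v for v in x) for x in X]  # diagonal of the Gram matrix
        for _ in range(self.passes):
            for i, x in enumerate(X):
                g = y[i] * self.decision(x) - 1.0  # gradient of the dual in alpha_i
                a = min(max(alpha[i] - g / Q[i], 0.0), self.C)
                if a != alpha[i]:
                    self.w = [wj + (a - alpha[i]) * y[i] * xj for wj, xj in zip(self.w, x)]
                    alpha[i] = a
        return self
    def decision(self, x):
        return sum(wj * xj for wj, xj in zip(self.w, x))
    def predict(self, x):
        return 1 if self.decision(x) > 0 else -1

class TwoTierDetector:
    """Tier 1 sees every packet (low threshold, tuned for recall); only what it raises reaches the SVM."""
    def __init__(self, normal, attacks, tier1_threshold=1.0):
        self.tier1 = ByteNoveltyModel(normal)
        self.threshold = tier1_threshold
        X = [features(p) for p in normal + attacks]
        self.tier2 = LinearSVM().fit(X, [-1] * len(normal) + [1] * len(attacks))
    def classify(self, p):
        """Returns (tier-1 flag, final alert)."""
        flagged = self.tier1.score(p) >= self.threshold
        return flagged, flagged and self.tier2.predict(features(p)) == 1

def test_traffic():
    """Constructed held-out packets, labelled 1 = attack, -1 = benign."""
    return [(Packet(6, 80, 0x18, 1500, 64), -1),  # ordinary HTTP segment
            (Packet(6, 80, 0x18, 700, 64), -1),   # benign, but length low byte 0xBC never seen: tier-1 FP
            (Packet(17, 53, 0x00, 84, 128), -1),  # DNS query
            (Packet(6, 22, 0x02, 40, 255), 1),    # SYN probe from the TTL-255 scanner
            (Packet(6, 80, 0x3F, 40, 64), 1)]     # all-flags probe to the web port

def evaluate(det, labelled):
    """(detection rate, false-positive rate) for tier 1 alone and for the two-tier decision."""
    n_att = sum(1 for _, y in labelled if y == 1)
    hits, fps = {"tier1": 0, "two_tier": 0}, {"tier1": 0, "two_tier": 0}
    for p, y in labelled:
        flagged, alert = det.classify(p)
        for name, fired in (("tier1", flagged), ("two_tier", alert)):
            if fired:
                (hits if y == 1 else fps)[name] += 1
    return {k: (hits[k] / n_att, fps[k] / (len(labelled) - n_att)) for k in hits}

if __name__ == "__main__":
    det = TwoTierDetector(normal_traffic(), attack_traffic())
    print(evaluate(det, test_traffic()))  # tier1 (1.0, 0.33...), two_tier (1.0, 0.0)
```

On the constructed sample the benign segment whose length byte was never seen in training is raised by tier 1 (score 36/10 = 3.6, above the threshold of 1.0) and then dropped by the SVM, while both probes survive both tiers, so the two-tier decision keeps tier 1's detection rate with no false positives. That is the mechanism the abstract relies on: the first tier can be tuned for recall because the second tier absorbs the extra false positives, and the SVM is only paid for on the small fraction of packets tier 1 raises.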

Table of Contents

Abstract (Chinese) ..... i
Abstract (English) ..... ii
Acknowledgements ..... iii
Chapter 1 Introduction ..... 1
1.1 Research Background ..... 1
1.2 Motivation ..... 2
1.3 Thesis Organization ..... 2
Chapter 2 Related Work ..... 3
2.1 Overview of Intrusion Detection Systems ..... 3
2.1.1 Network-based Intrusion Detection Systems ..... 3
2.1.2 Host-based Intrusion Detection Systems ..... 4
2.1.3 Misuse-based Intrusion Detection Systems ..... 5
2.1.4 Anomaly-based Intrusion Detection Systems ..... 7
2.1.5 Hybrid Intrusion Detection Systems ..... 8
2.2 Definition of Anomalous Behaviour ..... 9
2.3 Anomaly Detection Modules Based on Network Traffic ..... 10
2.4 Support Vector Machines ..... 13
2.5 Classes of Network Attacks ..... 18
2.5.1 Probe ..... 18
2.5.2 Denial of Service (DoS) ..... 18
2.5.3 Remote to Local (R2L) ..... 20
2.5.4 User to Root (U2R) ..... 20
2.6 Analysis of Synthetic Network Data ..... 20
2.6.1 DARPA Network Datasets ..... 21
2.6.2 KDD Cup '99 Dataset ..... 23
2.7 Network Data Collection Platform: Testbed@TWISC [32] ..... 24
Chapter 3 Two-tier Anomaly Detection System ..... 26
3.1 Problems of Network Traffic Anomaly Detection Modules ..... 26
3.2 System Architecture ..... 27
3.3 Data Analysis ..... 29
3.4 Mixing Real and Simulated Network Data ..... 30
3.5 NETAD Anomaly Detection ..... 31
3.6 Feature Selection ..... 33
3.7 SVM Classifier ..... 35
3.8 Two-tier Anomaly Detection Algorithm ..... 37
Chapter 4 Experiments and Analysis ..... 39
4.1 Experimental Setup ..... 39
4.2 Experimental Data ..... 41
4.2.1 Collection of Real Network Attack Data ..... 41
4.2.2 Training Dataset ..... 43
4.2.3 Test Dataset ..... 44
4.3 Evaluation Metrics ..... 46
4.4 Results on the Pure DARPA Data ..... 47
4.5 Results on Data Mixed with Real Network Traffic ..... 50
4.5.1 Mixed with Real Normal-behaviour Traffic ..... 50
4.5.2 Mixed with Real Anomalous-behaviour Traffic ..... 53
4.6 Analysis of the Experiments ..... 56
Chapter 5 Conclusions and Future Work ..... 57
References ..... 59

References

[1] K. Ahsan and D. Kundur, "Practical Data Hiding in TCP/IP," Proceedings of the Workshop on Multimedia Security at ACM Multimedia, French Riviera, France, pp. 7-15, 2002.

[2] E. Ardizzone, A. Chella and R. Pirrone, "An Architecture for Automatic Gesture Analysis," Proceedings of the Working Conference on Advanced Visual Interfaces (AVI), May 2000.

[3] S. Akhtar, "A Proposed Model to Use ID3 Algorithm in the Classifier of a Network Intrusion Detection System," Proceedings of the 9th IEEE International Multitopic Conference (INMIC), 2005.

[4] D. Barbará, J. Couto, S. Jajodia, L. Popyack and N. Wu, "ADAM: Detecting Intrusions by Data Mining," Proceedings of the IEEE Workshop on Information Assurance and Security, 2001.

[5] E. Biermann, E. Cloete and L. M. Venter, "A Comparison of Intrusion Detection Systems," Computers & Security, Vol. 20, No. 8, pp. 676-683, 2001.

[6] B. E. Boser, I. M. Guyon and V. N. Vapnik, "A Training Algorithm for Optimal Margin Classifiers," Proceedings of the 5th Annual ACM Workshop on Computational Learning Theory (COLT), Pittsburgh, PA, pp. 144-152, 1992.

[7] C. J. C. Burges, "A Tutorial on Support Vector Machines for Pattern Recognition," Data Mining and Knowledge Discovery, Vol. 2, No. 2, pp. 121-167, 1998.

[8] W. W. Cohen, "Efficient Pruning Methods for Separate-and-Conquer Rule Learning Systems," Proceedings of the 13th International Joint Conference on Artificial Intelligence (IJCAI), Chambéry, France, pp. 988-994, 1993.

[9] D. Dasgupta and F. A. Gonzalez, "An Intelligent Decision Support System for Intrusion Detection and Response," Proceedings of the International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), 2001.

[10] O. Depren, M. Topallar, E. Anarim and M. K. Ciliz, "An Intelligent Intrusion Detection System (IDS) for Anomaly and Misuse Detection in Computer Networks," Expert Systems with Applications, Vol. 29, pp. 713-722, 2005.

[11] P. Dokas, L. Ertoz, V. Kumar, A. Lazarevic, J. Srivastava and P.-N. Tan, "Data Mining for Network Intrusion Detection," Proceedings of the NSF Workshop on Next Generation Data Mining, November 2002.

[12] L. Feinstein, D. Schnackenberg, R. Balupari and D. Kindred, "Statistical Approaches to DDoS Attack Detection and Response," Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX), 2003.

[13] B. A. Forouzan, TCP/IP Protocol Suite, McGraw-Hill, 2003.

[14] K. Hwang, Y. Chen and H. Liu, "Defending Distributed Systems Against Malicious Intrusions and Network Anomalies," Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2005.

[15] M. A. Hearst, S. T. Dumais, E. Osuna, J. Platt and B. Schölkopf, "Support Vector Machines," IEEE Intelligent Systems, Vol. 13, No. 4, pp. 18-28, 1998.

[16] Y.-J. Lee and O. L. Mangasarian, "SSVM: A Smooth Support Vector Machine for Classification," Computational Optimization and Applications, Vol. 20, No. 1, pp. 5-22, October 2001.

[17] R. Lippmann, J. W. Haines, D. J. Fried, J. Korba and K. Das, "The 1999 DARPA Off-Line Intrusion Detection Evaluation," Computer Networks, Vol. 34, No. 4, pp. 579-595, 2000.

[18] M. V. Mahoney, "Network Traffic Anomaly Detection Based on Packet Bytes," Proceedings of the 18th ACM Symposium on Applied Computing (SAC), Melbourne, FL, USA, pp. 346-350, 2003.

[19] M. V. Mahoney and P. K. Chan, "An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection," Technical Report CS-2003-02, Department of Computer Sciences, Florida Institute of Technology, 2003.

[20] S. Mukkamala, G. I. Janoski and A. H. Sung, "Intrusion Detection Using Neural Networks and Support Vector Machines," Proceedings of the 2002 International Joint Conference on Neural Networks (IJCNN), Vol. 2, pp. 1702-1707, May 2002.

[21] S. Mukkamala, G. I. Janoski and A. H. Sung, "Feature Ranking and Selection for Intrusion Detection Systems Using SVMs and ANNs," Proceedings of the International Conference on Information and Knowledge Engineering (IKE), pp. 503-509, June 2002.

[22] S. Mukkamala and A. H. Sung, "Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks," Proceedings of the Symposium on Applications and the Internet (SAINT), pp. 209-216, 2003.

[23] S. Mukkamala and A. H. Sung, "Detecting Denial of Service Attacks Using Support Vector Machines," Proceedings of the IEEE International Conference on Fuzzy Systems (FUZZ-IEEE), pp. 1231-1236, 2003.

[24] S. Peddabachigari, A. Abraham, C. Grosan and J. Thomas, "Modeling Intrusion Detection System Using Hybrid Intelligent Systems," Journal of Network and Computer Applications, Vol. 30, No. 1, pp. 114-132, 2007.

[25] X.-Q. Zhang, C.-H. Gu and J.-J. Lin, "Support Vector Machines for Anomaly Detection," Proceedings of the 6th World Congress on Intelligent Control and Automation (WCICA), Dalian, China, June 21-23, 2006.

[26] C.-C. Chang and C.-J. Lin, LIBSVM: A Library for Support Vector Machines, 2001. Software available at http://www.csie.ntu.edu.tw/~cjlin/libsvm

[27] DARPA 1999 Intrusion Detection Evaluation dataset. Available: http://www.ll.mit.edu/IST/ideval/index.html

[28] KDD Cup '99 dataset. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

[29] Snort, an open-source network intrusion detection system. Available: http://www.snort.org/

[30] SPADE (Statistical Packet Anomaly Detection Engine), Silicon Defense. Available: http://www.silicondefense.com/software/spice/

[31] tcpdump. Available: http://www.tcpdump.org/

[32] Testbed@TWISC, Network Emulation Testbed. Available: http://testbed.ncku.edu.tw/
