Graduate student: Hong-Zhou Hong (洪弘洲)
Thesis title: Preprocess Mechanism of Intrusion Detection Based on RST (RST入侵偵測預處理機制)
Advisor: Yu-Kuo Tseng (曾昱國)
Degree: Master's
Institution: Shu-Te University (樹德科技大學)
Department: Department of Information Engineering (資訊工程學系)
Year of publication: 2008
Academic year of graduation: 96
Language: Chinese
Number of pages: 67
Keywords: Intrusion Detection; Data Preprocessing; Rough Set Theory; Attribute Reduct
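The main research directions for intrusion detection systems (IDS) today are improving detection accuracy and reducing system load. Because any attack missed by an IDS can pose a serious threat to a computer, improving detection accuracy is the goal of many researchers. However, the volume of data that intrusion detection must process is very large, so efforts to raise detection accuracy often sharply reduce performance; data preprocessing techniques are therefore needed to improve IDS performance.
Much current research on data preprocessing focuses on removing poor-quality data, but the preprocessing methods proposed either remove data without scientific basis, or remove data whose removal does not help improve the detection accuracy of the IDS and may even lower it. We therefore propose using Rough Set Theory to analyze the collected data, identify the feature attributes that do not help improve the attack detection rate, and remove them. This vertical attribute reduction greatly reduces the amount of data to be analyzed, allowing the IDS to reach its best performance. The experiments in this thesis show that our method does reduce the data by about half of the attributes without lowering detection accuracy.
We also compare our work with other related studies that use the KDD-Cup 1999 data set, analyzing their relative strengths and weaknesses, and show that our method is not inferior to the others: we effectively remove unnecessary attributes while maintaining the original high accuracy and coverage. Finally, we apply the preprocessing results to different classification methods commonly used in intrusion detection systems; the results show that our work helps an IDS maintain good accuracy and coverage with a reduced amount of data.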
At present, the main research direction for Intrusion Detection Systems (IDS) is to enhance the detection accuracy rate, reduce the false positive rate, and improve system performance. The amount of data that intrusion detection needs to process is usually extremely large, so improving performance by reducing the amount of data is an important issue for IDS. Under heavy load, though, an IDS might miss some attack attempts that could pose potential and serious threats to users' computers. Thus, the detection rate will decrease as well.
As to reducing the amount of data, many preprocessing schemes have also been proposed to enhance IDS performance. However, most of them just remove some data from the data set to be analyzed by the IDS, without any reasonable and scientific explanation. Furthermore, removing those data incorrectly could lower the detection rate. Therefore, we propose a scientific IDS preprocessing scheme based on Rough Set Theory to discover and remove around half of the conditional attributes as useless. Pruning the unhelpful attribute subset refines the data set and boosts IDS performance.
We have compared our research with other work that also uses the KDD-Cup1999 data set, and the experimental results show that the proposed scheme's accuracy rate and coverage rate are no worse than the others' after attribute removal. The preprocessed and reduced KDD-Cup data set is also input into three common classification methods used in the kernel of an Intrusion Detection System: Decomposition Tree, Neural Network, and K-th nearest neighbor. Each detection rate is the same as with the KDD-Cup 1999 data set. Therefore, the proposed scheme will boost the performance of IDS without affecting the IDS detection rate.
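1.  Introduction
1.1  Research Background
1.2  Research Motivation and Objectives
1.3  Thesis Organization
2.  Literature Review
2.1  The KDD-Cup 1999 Data Set
2.2  Related Work on KDD-Cup 1999
2.4  Rough Set Theory
3.  RST Intrusion Detection Preprocessing Mechanism
3.1  RST Preprocessing Architecture and Operation
3.2  Two-Stage Attribute Reduction
3.2.1  Stage One Attribute Reduction: by Decision Attribute
3.2.2  Stage Two Attribute Reduction: by Conditional Attributes
3.3  IDS Extended Version
4.  Experimental Results and Analysis
4.1  Experimental Environment
4.2  Two-Stage Attribute Reduction Results
4.3  Comparison of IDS Classification Methods
4.4  Comparison with Related Attribute Reduction Research
5.  Conclusions and Future Work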