Title: The Implementation of a Network Intrusion Detection System Based on Anomaly Data Stream Mining
Author: Kuo, Yen-Feng (郭彥鋒)
Keywords: intrusion detection system; anomaly detection; data stream mining
Publisher: Department of Computer Science
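The purpose of an intrusion detection system is to detect anomalous intrusion behavior, monitor the security of network and system environments, and report potentially harmful actions by internal and external intruders. The main drawback of past intrusion detection systems is that, when signatures of known attack behavior are lacking, they cannot detect new types of attacks.
To overcome this drawback and improve the efficiency of anomaly detection, recent research has tried applying data mining techniques to intrusion detection systems, and the literature has shown this to be feasible. This thesis uses data stream mining to build an anomaly detection model. Its main argument is that network intrusion incidents increase year by year and that data transmitted over the Internet has the nature of a data stream, so dynamic intrusion detection techniques are necessary. Data stream mining algorithms mine in a single pass, which gives them the advantage of more timely processing, response, and decision-making than mining static data stored in a database.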

In recent years, Internet applications have proliferated dramatically and Internet security has suffered severely. Many network security defense techniques have therefore been developed, the intrusion detection system being one of them. The major drawback of intrusion detection systems that rely on matching known attack signatures against the network data stream is that they cannot detect newly emerging anomalies for which no attack signature exists. To overcome this shortcoming and improve the efficiency of anomaly detection, recent literature shows that data mining techniques can be applied to intrusion detection. Dynamic intrusion detection techniques are well suited to this setting. This thesis applies data stream mining, a new class of data mining techniques introduced to handle streaming data, to build the anomaly detection system dynamically.
Other Identifiers: U0005-2608200617181400
Appears in Collections: Department of Computer Science and Engineering
