Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/8303
Title: Network Intrusion Detection System Using Anomalous Rules Based on Previous Connection Statistics
Author: Chen, Liang-shen (陳亮伸)
Keywords: network intrusion detection; NIDS; misuse detection; anomaly detection; positive listing; negative listing
Publisher: Department of Electrical Engineering
Abstract:
Most network intrusion detection systems (NIDS) use misuse detection (negative listing) to detect network intrusion behavior. The drawback of this approach is that it requires a built-in database of patterns for comparison, and because intrusion behaviors are so varied, it is difficult to cover them all. Anomaly detection (positive listing) instead builds the normal threshold for intrusion detection from training instances of network behavior. Its advantages are that it avoids having to build a large database of comparison patterns in advance, and that it establishes the baseline pattern best suited to each individual host environment. This thesis uses fuzzy cognitive maps (FCM), the C4.5 decision tree, the construction of membership functions, and data mining to classify network behavior data, compute statistics, and establish a normal baseline, and uses these techniques to build an anomaly-rule (positive-listing) NIDS. The system uses the normal baseline to determine the detection threshold for abnormal network flows.
URI: http://hdl.handle.net/11455/8303
Other identifiers: U0005-2207200808110700
Appears in Collections: Department of Electrical Engineering
