Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/8303
DC FieldValueLanguage
dc.contributor楊谷章zh_TW
dc.contributorGuu-Chang Yangen_US
dc.contributor楊睛雯zh_TW
dc.contributorChing-Wen Yangen_US
dc.contributor.advisor歐陽彥杰zh_TW
dc.contributor.advisorYen-Chieh Ouyangen_US
dc.contributor.author陳亮伸zh_TW
dc.contributor.authorChen, Liang-shenen_US
dc.contributor.other中興大學zh_TW
dc.date2009zh_TW
dc.date.accessioned2014-06-06T06:41:21Z-
dc.date.available2014-06-06T06:41:21Z-
dc.identifierU0005-2207200808110700zh_TW
dc.identifier.citation[1] J.R. Quilan, “C4.5 : Programs for Machine learning” Morgan Kaufmann, 1993. [2] G.. Korosh, K. M. Richard, K. Latifur, A. Ehab, “Analysis of Firewall Policy Rules Using Data Mining Techniques” Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP. [3] K. Bart, "Fuzzy Cognitive Maps" International Journal of Man-MachineStudies, vol. 24, pp. 65-74, 1986. [4] K. Bart, "Virtual Worlds as Fuzzy Cognitive Maps" with J.A. Dickerson, Presence, vol. 3, no. 2, pp. 173-189, Spring 1994. [5] L. Wenke, J. S. Salvatore, W. M. Kui, "A Data Mining Framework for Building Intrusion Detection Models" 1999 IEEE Symposium on Security and Privacy P. 0120 [6] H. Tzung-Pei, C. Jyh-Bin "Building a concise decision table for fuzzy rule induction" Fuzzy Systems Proceedings, 1998. IEEE World Congress on computational Intelligence., The 1998 IEEE International Conference on Volume 2, Issue , 4-9 May 1998 Page(s):997 - 1002 vol.2 [7] H. Tzung-Pei, C. Jyh-Bin "Building a hierarchical representation of membership functions" Tools with Artificial Intelligence, 1998. Proceedings. Tenth IEEE International Conference on. [8] S. Ambareen, B. V. Rayford, M. B. Susan, "Decision Making For Network Health Assessment In An Intelligent Intrusion Detection System Architecture. International Journal of Information Technology and Decision Making" 3(2): 281-306 (2004) [9] T. Cheng-Fa, L. Yi-Chau, C. Chi-Pin, "Fast Algorithms for Mining Association Rules" Systems, Man and Cybernetics, 2002 IEEE International Conference on [10] H. Tzung-Pei, C. Jyh-Bin, "Finding relevant attributes and membership functions" Fuzzy Sets and Systems Volume 103, Issue 3, 1 May 1999, Pages 389- 404 [11] M. B. Susan, B. V. Rayford, "FUZZY DATA MINING AND GENETIC ALGORITHMS APPLIED TO INTRUSION DETECTION" Presented at the National Information Systems Security Conference (NISSC), October 16-19, 2000, Baltimore, MD. [12] S. Ambareen, B. V. Rayford, M. B. Susan, "Intrusion Sensor Data Fusion in an Intelligent Intrusion Detection System Architecture" Proceedings of the 37th Hawaii International Conference on System Sciences - 2004 [13] P. A. Porras; A. Valdes; Live Traffic Analysis of TCP/IP Gateways, Networks and Distributed Systems Security Symposium, Mar 1998. [14] A. Rakesh, I. Tomasz and S. Arun, “Mining association rules between sets of items in large databases,” In Proceedings of 1993 ACM SIGMOD International Conference on Management of Data, Washington, D.C., pp. 207-216, May 1993. [15] L. Jianxiong, M. B. Susan, Mining fuzzy association rules and fuzzy frequency episodes for intrusion detection, International Journal of Intelligent Systems. Vol. 15, Iss. 8, (2000), pp. 687-703. [16] C4.5 Algorithm Tutorial http://www2.cs.uregina.ca/~dbd/cs831/notes/ml/dtrees/ c4.5/tutorial.html [17] TCPDUMP man page http://linux.die.net/man/8/tcpdump [18] Linux iptables http://www.yolinux.com/TUTORIALS /LinuxTutorialIptablesNetworkGateway.html [19] MYSQL Database http://www.mysql.com/zh_TW
dc.identifier.urihttp://hdl.handle.net/11455/8303-
dc.description.abstract網路入侵偵測系統(network intrusion detection System, NIDS)大多數使用負面表列(misuse-detection)來偵測網路入侵行為,此缺點為需預先內建資料庫樣式比對的功能,而網路入侵行為種類繁多,很難全部網羅。而正面表列方式(anomaly-detection)從網路行為實例中來建立入侵偵測的正常門檻值(threshold),優點為可以省略事先須建立大量比對樣式的資料庫,和建立最適合各別主機環境的基線樣式。本論文使用模糊認知圖(fuzzy cognitive maps, FCM)、C4.5決策樹(C4.5 decision tree)、成員函數(membership function)的建立和資料探勘(data mining)來完成網路行為資料的歸類、統計和建立標準基線(normal baseline)的技術,來建立正面表列(anomaly Rule)的網路入侵偵測系統(NIDS)。zh_TW
dc.description.abstractIn network intrusion detection system (NIDS), most systems make use of Misuse-Detection method to detect the network intrusion behaviors. This method requires a great number of built-in data for pattern comparison, and also cannot be classified every detected patterns in internet. The proposed anomaly-detection method just needs the network training instances to build the detective threshold. This method omits a great number of comparative data which need to be built in advance and a normal mode is set so that it can suit for most individual personal computers to detect an abnormal flow from networks. In this thesis we propose a network detection system of anomalous framework by using fuzzy cognitive maps techniques (FCM), C4.5 Decision Tree, membership function and data mining to work for the classifications and statistics. The system can use normal baseline to determine the threshold for the NIDS.en_US
dc.description.tableofcontents第一章 緒論 1.1 研究背景-------------------------------------------1 1.2 動機和目的-----------------------------------------1 1.3 論文架構-------------------------------------------1 第二章 實體架構介紹 2.1 入侵偵測系統簡介-----------------------------------3 2.2 系統架構簡介---------------------------------------3 2.3 防火牆模組(Firewall Module)簡介--------------------5 2.4 標準基線訓練模組(Normal Baseline Training Module)簡介----6 2.5 即時偵測者模組(Real-time Detector Module)簡介------9 第三章 架構理論 3.1 防火牆規則探勘(Firewall Rules Mining)-------------11 3.2 模糊認知圖(Fuzzy Cognitive Maps,FCM)--------------14 3.3 C4.5 決策樹(C4.5 Decision Tree)-------------------16 3.4 成員函數建立(Membership Function Building)--------20 3.5 資料探勘(Data Mining)-----------------------------24 第四章 實體架構流程 4.1 防火牆模組(Firewall Module)-----------------------26 4.2 標準基線訓練模組(Normal Baseline Training Module)-29 4.3 即時偵測模組(Real-time Detector Module)-----------39 第五章 實驗數據 5.1 模擬實驗環境--------------------------------------41 5.2 模擬實驗方法--------------------------------------42 5.3 模擬實驗結果--------------------------------------44 5.4 模擬測試問題點分析--------------------------------48 第六章 結論 6.1 結論----------------------------------------------49zh_TW
dc.language.isoen_USzh_TW
dc.publisher電機工程學系所zh_TW
dc.relation.urihttp://www.airitilibrary.com/Publication/alDetailedMesh1?DocID=U0005-2207200808110700en_US
dc.subjectnetwork intrusion detectionen_US
dc.subject網路入侵偵測zh_TW
dc.subjectNIDSen_US
dc.subjectmisuse detectionen_US
dc.subjectanomaly detectionen_US
dc.subject正面表列zh_TW
dc.subject負面表列zh_TW
dc.title基於先前連線統計所建立異常規則之網路入侵偵測系統zh_TW
dc.titleNetwork Intrusion Detection System Using Anomalous Rules Based on Previous Connection Statisticsen_US
dc.typeThesis and Dissertationzh_TW
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.openairetypeThesis and Dissertation-
item.cerifentitytypePublications-
item.fulltextno fulltext-
item.languageiso639-1en_US-
item.grantfulltextnone-
Appears in Collections:電機工程學系所
Show simple item record
 
TAIR Related Article

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.