[Intrusion Detection] Research on Network Intrusion Detection Algorithms Based on Artificial Immunity

Format: KDH (requires CAJViewer to view)
Pages: 68

Abstract

The problem that both the immune system and an intrusion detection system have to solve can be described as distinguishing "self" from "non-self" and eliminating the "non-self". Immune mechanisms can serve as a reference for improving computer security; by studying and simulating the natural immune system, computer security systems may acquire many desirable properties. Immune-based intrusion detection uses the principles, rules and mechanisms of the biological immune system to detect and respond to intrusions. Its aim is to use the immune system's principles and architecture, together with the algorithms abstracted from them, to better solve problems in network intrusion detection.

This thesis first analyses network security, the biological immune system, intrusion detection, and network intrusion detection based on artificial immunity. On this basis, it analyses and compares the existing artificial-immunity-based network intrusion detection algorithms and improves on the shortcomings of the linear-time detector generation algorithm. The main work of this thesis is as follows:

(1) Analysed network security, intrusion detection technology, and immune-based network intrusion detection.

(2) Studied the biological immune system, including immune system mechanisms such as immune response, specific recognition, self-tolerance, clonal selection, negative selection, and self/non-self discrimination, as well as the composition and structure of the immune system, immune cells, and the characteristics of the immune system.

(3) Analysed and discussed the theory of network intrusion detection based on artificial immunity, including the definition of the self set, generation rules, the Hamming matching rule, the r-contiguous-bits matching rule, the r-chunks matching rule, the negative detection scheme, and factors that may affect system performance.

(4) On the basis of an analysis of network intrusions and an analysis and comparison of the existing artificial-immunity-based network intrusion detection algorithms, improved the linear-time detector generation algorithm to address its shortcomings: the detectors it generates are redundant, its time and space costs are exponential in r, and its overhead is strongly affected by r. For broadcast local area networks, the definition of the self set is discussed and analysed, the lifetime of detectors is taken into account in the algorithm, and the framework and description of the improved algorithm are given. The performance of the algorithms is verified by experiment, and the effectiveness of the improved algorithm is confirmed experimentally.

Finally, the research work as a whole is summarised, and directions for the next stage of research are pointed out in light of the current situation.

Keywords: intrusion detection; artificial immunity; negative selection algorithm

Contents

Abstract
ABSTRACT

Chapter 1 Introduction
1.1 Background
1.2 Network security
1.2.1 Goals of network security
1.2.2 Common attack types
1.2.3 Traditional network security technologies
1.3 Intrusion detection technology
1.3.1 Meaning of intrusion detection
1.3.2 Classification of intrusion detection
1.3.3 Current state of intrusion detection
1.3.4 Standardisation of intrusion detection
1.4 Immune-based network intrusion detection
1.5 Main research work of the thesis
1.6 Organisation of the thesis

Chapter 2 The Biological Immune System
2.1 Composition of the immune system
2.1.1 Lymphatic system
2.1.2 Complement system
2.2 Structure of the immune system
2.3 Immune cells
2.4 Antibody molecules
2.5 Classification of the immune system
2.6 Immune system mechanisms
2.6.1 Immune response
2.6.2 Specific recognition
2.6.3 Clonal selection
2.6.4 Negative selection
2.6.5 Self-tolerance
2.6.6 Self/non-self discrimination
2.7 Basic characteristics of the immune system
2.8 Chapter summary

Chapter 3 Theoretical Analysis of Immune-Based Network Intrusion Detection
3.1 Definition of the self set in intrusion detection
3.2 Generation rules
3.2.1 Hamming generation rule
3.2.2 Crossover closure generation rule
3.3 Matching rules
3.3.1 Hamming matching rule
3.3.2 r-contiguous-bits matching rule
3.3.3 r-chunks matching rule
3.4 Negative detection scheme
3.5 Chapter summary

Chapter 4 Network Intrusion Detection Algorithms Based on Artificial Immunity
4.1 Network intrusion detection
4.1.1 Network protocols
4.1.2 Network attacks
4.1.3 Analysis of the network intrusion process
4.2 Existing detector generation algorithms
4.2.1 Exhaustive detector generation algorithm
4.2.2 Linear-time detector generation algorithm
4.2.3 Greedy detector generation algorithm
4.2.4 Negative selection mutation algorithm
4.3 Improvements to the linear-time detector generation algorithm
4.4 Framework of the improved algorithm
4.4.1 Definition of the self set
4.4.2 Matching rule
4.4.3 Detector generation algorithm
4.3.4 Algorithm framework and description
4.5 Experiments and analysis of results
4.5.1 Experimental comparison of the performance of existing algorithms
4.5.2 Experiments on the improved algorithm
4.6 Chapter summary

Chapter 5 Conclusion
5.1 Summary
5.2 Future work and outlook

Acknowledgements
References
Appendix (papers published during the degree programme)




Posted on 2006-4-26 18:55