Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/62842
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 王勝德 (Sheng-De Wang)
dc.contributor.author | Hui-Hao Chou | en
dc.contributor.author | 周暉豪 | zh_TW
dc.date.accessioned | 2021-06-16T16:12:08Z | -
dc.date.available | 2015-03-06
dc.date.copyright | 2013-03-06
dc.date.issued | 2013
dc.date.submitted | 2013-02-18
dc.identifier.citation | [1] Sourcefire, Inc. Snort [Online]. Available: http://www.snort.org/
[2] Open Information Security Foundation (OISF). Suricata. Available: http://www.openinfosecfoundation.org/
[3] The UCI KDD Archive. KDD Cup 1999 Data [Online]. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[4] L. Portnoy, E. Eskin, and S. Stolfo, 'Intrusion Detection with Unlabeled Data Using Clustering,' in Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), 2001, pp. 5-8.
[5] W. Lee, S. J. Stolfo, P. K. Chan, E. Eskin, W. Fan, M. Miller, et al., 'Real Time Data Mining-based Intrusion Detection,' in DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings, 2001, pp. 89-100.
[6] J.-H. Leet, J.-H. Leet, S.-G. Sohn, J.-H. Ryu, and T.-M. Chung, 'Effective Value of Decision Tree with KDD 99 Intrusion Detection Datasets for Intrusion Detection System,' in Tenth International Conference on Advanced Communication Technology (ICACT 2008), 2008, pp. 1170-1175.
[7] C. Zhang, J. Jiang, and M. Kamel, 'Intrusion Detection Using Hierarchical Neural Networks,' Pattern Recognition Letters, vol. 26, pp. 779-791, May 2005.
[8] L. L. DeLooze, 'Attack Characterization and Intrusion Detection using an Ensemble of Self-Organizing Maps,' in 2006 International Joint Conference on Neural Networks, 2006, pp. 108-115.
[9] S. A. Mulay, P. R. Devale, and G. V. Garje, 'Decision tree based Support Vector Machine for Intrusion Detection,' in International Conference on Networking and Information Technology (ICNIT), 2010, pp. 59-63.
[10] W. Lee and S. J. Stolfo, 'A Framework for Constructing Features and Models for Intrusion Detection Systems,' ACM Transactions on Information and System Security (TISSEC), vol. 3, pp. 227-261, Nov. 2000.
[11] S. Peddabachigari, A. Abraham, and J. Thomas, 'Intrusion Detection Systems Using Decision Trees and Support Vector Machines,' International Journal of Applied Science & Computations, pp. 118-134, 2004.
[12] F. Gharibian and A. A. Ghorbani, 'Comparative Study of Supervised Machine Learning Techniques for Intrusion Detection,' in Fifth Annual Conference on Communication Networks and Services Research (CNSR '07), 2007, pp. 350-358.
[13] A. Gregio, R. Santos, and A. Montes, 'Evaluation of Data Mining Techniques for Suspicious Network Activity Classification Using Honeypots Data,' in Proc. SPIE. 6570, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security, 2007, pp. 657006-1-657006-10.
[14] S. Zhong, T. M. Khoshgoftaar, and N. Seliya, 'Clustering-based Network Intrusion Detection,' International Journal of Reliability, Quality and Safety Engineering, vol. 14, pp. 169-187, Apr. 2007.
[15] O. Depren, M. Topallar, E. Anarim, and M. K. Ciliz, 'An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks,' Expert Systems with Applications, vol. 29, pp. 713-722, Nov. 2005.
[16] S. R. Gaddam, V. V. Phoha, and K. S. Balagani, 'K-Means+ID3: A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods,' IEEE Transactions on Knowledge and Data Engineering, vol. 19, pp. 345-354, 2007.
[17] C. Kahn, P. A. Porras, S. Staniford-Chen, and B. Tung. Common Intrusion Detection Framework (CIDF) [Online]. Available: http://gost.isi.edu/cidf/
[18] H. Debar, D. Curry, and B. Feinstein, The Intrusion Detection Message Exchange Format (IDMEF), IETF RFC4765, Mar. 2007; http://www.ietf.org/rfc/rfc4765.txt.
[19] Z. Yu, J. J. P. Tsai, and T. Weigert, 'An Automatically Tuning Intrusion Detection System,' IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 37, pp. 373-384, 2007.
[20] W. W. Cohen and Y. Singer, 'A Simple, Fast, and Effective Rule Learner,' in Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence, Orlando, Florida, USA, 1999, pp. 335-342.
[21] K. Leung and C. Leckie, 'Unsupervised Anomaly Detection in Network Intrusion Detection Using Clusters,' in Twenty-Eighth Australasian Computer Science Conference (ACSC2005), Newcastle, Australia, 2005, pp. 333-342.
[22] S. Gujral, E. Ortiz, and V. L. Syrmos, 'An Unsupervised Method for Intrusion Detection Using Spectral Clustering,' in IEEE Symposium on Computational Intelligence in Cyber Security (CICS '09), 2009, pp. 99-106.
[23] Y. Zhong, H. Yamaki, and H. Takakura, 'A Grid-based Clustering for Low-overhead Anomaly Intrusion Detection,' in Fifth International Conference on Network and System Security (NSS), 2011, pp. 17-24.
[24] S. Roschke, F. Cheng, and C. Meinel, 'Intrusion Detection in the Cloud,' in Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC '09), 2009, pp. 729-734.
[25] K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, 'Intrusion Detection for Grid and Cloud Computing,' IT Professional, vol. 12, pp. 38-43, 2010.
[26] H. A. Kholidy and F. Baiardi, 'CIDS: A Framework for Intrusion Detection in Cloud Systems,' in Ninth International Conference on Information Technology: New Generations (ITNG), 2012, pp. 379-385.
[27] V. Paxson, 'Bro: A System for Detecting Network Intruders in Real-Time,' Computer Networks, vol. 31, pp. 2435-2463, Dec. 1999.
[28] P. E. Utgoff, N. C. Berkman, and J. A. Clouse, 'Decision Tree Induction Based on Efficient Tree Restructuring,' Machine Learning, vol. 29, pp. 5-44, 1997.
[29] A. Y. Ng, M. I. Jordan, and Y. Weiss, 'On Spectral Clustering: Analysis and an algorithm,' in Advances in Neural Information Processing Systems (NIPS), 2001, pp. 849-856.
[30] U. v. Luxburg, 'A Tutorial on Spectral Clustering,' Statistics and Computing, vol. 17, pp. 395-416, Dec. 2007.
[31] B. Pfaff, J. Pettit, T. Koponen, K. Amidon, M. Casado, and S. Shenker, 'Extending Networking into the Virtualization Layer,' in Eighth ACM Workshop on Hot Topics in Networks (HotNets-VIII), New York City, NY, 2009.
[32] MIT Lincoln Laboratory. 2000 DARPA Intrusion Detection Scenario Specific Data Sets [Online]. Available: http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000data.html
[33] MIT Lincoln Laboratory. 1998 DARPA Intrusion Detection Evaluation Data Set [Online]. Available: http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/1998data.html
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/62842 | -
dc.description.abstract | As attacks from the network keep increasing, intrusion detection systems are often placed at the very front of the network to detect attacks. To achieve anomaly detection, machine learning or data mining algorithms are often used to implement this kind of intrusion detection system. However, these algorithms usually require a large, labeled data set for training and learning, and such a data set is very hard to obtain in practice. In this thesis, we propose an adaptive intrusion detection system that uses spectral clustering, an unsupervised learning algorithm, to label connection data from the network, and that uses a decision tree to build the system's detector from this data. In addition, the architecture of the system allows it to be deployed easily in a cloud environment. Experimental results show that, after adapting to newly labeled data sets, the system improves notably in its attack detection performance. | zh_TW
dc.description.abstract | With the advances and extensive deployment of the computer network, attacks from the Internet increase significantly. In order to detect those intrusions for further defending actions, the network-based intrusion detection system is usually used as the frontline detector. Since the means of attacks change rapidly, the intrusion detection system usually adopts machine learning or data mining algorithms to achieve anomaly detection. However, this kind of algorithm needs a set of labeled data for training the detection model, but this kind of data set is hard to obtain. In this thesis, we proposed a system that is adaptive for the ever-changing network environment. The system can construct a decision tree-based detection model for intrusion detection from unlabeled data by using an unsupervised learning algorithm called spectral clustering. And the system can be easily deployed in the cloud environment. In the experiments with the DARPA 2000 data set and the KDD Cup 1999 data set, our system shows notable improvement in the detection performance after the adaptation procedure. | en
dc.description.provenance | Made available in DSpace on 2021-06-16T16:12:08Z (GMT). No. of bitstreams: 1
ntu-102-R99921086-1.pdf: 662738 bytes, checksum: 2ba079e1b3057e8e88b891857d8912ff (MD5)
Previous issue date: 2013 | en
dc.description.tableofcontents | Oral Examination Committee Certification
Acknowledgements
Abstract (Chinese)
Abstract
Chapter 1 Introduction
1.1 Intrusion Detection System
1.2 IDS on the Cloud
1.3 Contributions
1.4 Thesis Organization
Chapter 2 Relating work
2.1 Adaptive IDS
2.2 Architecture of Cloud-based IDSs
Chapter 3 Purposed Architecture
3.1 System architecture
3.2 Preprocessor
3.3 Analyzer
3.4 Detector
Chapter 4 Deploy on Cloud
4.1 Framework
4.2 Client VM
4.3 Server VM
Chapter 5 Experiments
5.1 The DARPA 2000 data set
5.2 The KDD Cup 1999 data set
5.3 Experiments on DARPA 2000 data set
5.4 Experiments on KDD Cup 1999 data set
Chapter 6 Conclusions
References
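dc.language.iso | zh-TW
dc.subject | Cloud Environment | zh_TW
dc.subject | Adaptive Intrusion Detection System | zh_TW
dc.subject | Anomaly Intrusion Detection System | zh_TW
dc.subject | Spectral Clustering | zh_TW
dc.subject | Decision Tree | zh_TW
dc.subject | Anomaly IDS | en
dc.subject | Adaptive IDS | en
dc.subject | Cloud Environment | en
dc.subject | Decision Tree | en
dc.subject | Spectral Clustering | en
dc.title | An Adaptive Intrusion Detection System Usable in Cloud Environments | zh_TW
dc.title | An Adaptive Network-based Intrusion Detection System on the Cloud Environment | en
dc.type | Thesis
dc.date.schoolyear | 101-1
dc.description.degree | Master's
dc.contributor.oralexamcommittee | 顏嗣鈞 (Hsu-Chun Yen), 雷欽隆 (Chin-Laung Lei)
dc.subject.keyword | Adaptive Intrusion Detection System, Anomaly Intrusion Detection System, Spectral Clustering, Decision Tree, Cloud Environment | zh_TW
dc.subject.keyword | Adaptive IDS, Anomaly IDS, Spectral Clustering, Decision Tree, Cloud Environment | en
dc.relation.page | 41
dc.rights.note | Paid license
dc.date.accepted | 2013-02-18
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW
Appears in collections: Department of Electrical Engineering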

Files in this item:
File | Size | Format
ntu-102-1.pdf (not authorized for public access) | 647.21 kB | Adobe PDF