Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18207
Title: | A Hybrid Intrusion Detection Technique using Fuzzy Association Rules |
Author: | Po-Ting Chen 陳柏廷 |
Advisor: | 王勝德 |
Keywords: | information security, intrusion detection system, computer security |
Year of publication: | 2015 |
Degree: | Master's |
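Abstract: | (Translated from the Chinese abstract) Intrusion detection comprises misuse detection and anomaly detection: misuse detection finds known attacks, while anomaly detection focuses on finding unknown attacks. An intrusion detection system should therefore be able to handle both known and unknown attacks. This study proposes an intrusion detection system architecture that achieves both misuse detection and anomaly detection, attaining the accuracy of misuse detection while also detecting novel attacks. The study uses fuzzy association rules to automatically generate intrusion detection system rule files for administrators to use in detection; the rule files produced by association rule mining can be freely modified to suit the administrator's needs, or administrators can generate rule files themselves, for more flexible use. This study uses KDD Cup99 and a self-collected dataset for evaluation and analysis. Detecting with the rules generated by fuzzy association rules, the misuse detection rate on the KDD Cup dataset reaches up to 97.4%, and the anomaly detection rate and false positive rate are about 95% and 10%. On the self-made dataset, the detection rate reaches about 86% with almost no false positives.
(English abstract) Intrusion detection includes both misuse detection and anomaly detection. Misuse detection concerns the detection of known attacks, while anomaly detection is about the detection of attacks that might be unknown. It is important for an intrusion detection system to have the ability to detect both misuse and anomaly situations. The thesis presents an intrusion detection system (IDS) architecture that can achieve both misuse detection and anomaly detection. The goal of misuse detection is to achieve higher accuracy, and that of anomaly detection is to detect unknown attacks. The rule files can be edited and added to in order to modify or expand the functionality. In this study, we use fuzzy association rule mining to automatically generate rule files for the IDS. The KDD Cup 99 dataset and our own dataset are used for assessment and analysis. Using the KDD Cup 99 dataset, the detection rate of misuse detection can reach almost 97.4% and the detection rate of anomaly detection can achieve 95% with a false positive rate equal to 0%. Using our own dataset, the detection rate is 95% and the false positive rate is 10%. |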
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18207 |
Full-text authorization: | Not authorized |
Appears in department: | Department of Electrical Engineering |
Files in this document:
File | Size | Format | |
---|---|---|---|
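ntu-104-1.pdf (currently not authorized for public access) | 1.46 MB | Adobe PDF |
Documents in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.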