Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18207
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 王勝德 | |
dc.contributor.author | Po-Ting Chen | en |
dc.contributor.author | 陳柏廷 | zh_TW |
dc.date.accessioned | 2021-06-08T00:54:54Z | - |
dc.date.copyright | 2015-03-16 | |
dc.date.issued | 2015 | |
dc.date.submitted | 2015-02-24 | |
dc.identifier.citation | [1] A. Lazarevic, L. Ertoz, V. Kumar, A. Ozgur, J. Srivastava, A comparative study of anomaly detection schemes in network intrusion detection, Proceedings of the Third SIAM Conference on Data Mining, May 2003. [2] Ada Wei-chee Fu, Man Hon Wong, Siu Chun Sze, Wai Chiu Wong, Wai Lun Wong, Wing Kwan Yu, Finding fuzzy sets for the mining of fuzzy association rules for numerical attributes, Department of Computer Science and Engineering, The Chinese University of Hong Kong, Shatin, Hong Kong, 1998. [3] R. Agrawal, T. Imieliński, A. Swami, Mining association rules between sets of items in large databases, Proceedings of the 1993 ACM SIGMOD International Conference on Management of Data (SIGMOD '93), 1993. [4] Chun-Wei Lin, Tzung-Pei Hong, Wen-Hsiang Lu, Linguistic data mining with fuzzy FP-trees, Expert Systems with Applications 37, 2010. [5] D. Anderson, T.F. Lunt, H. Javits, A. Tamaru, A. Valdes, Detecting unusual program behavior using the statistical components of NIDES, NIDES Technical Report, SRI International, May 1995. [6] D. Brauckhoff, X. Dimitropoulos, A. Wagner, K. Salamatian, Anomaly extraction in backbone networks using association rules, IMC '09, November 4–6, 2009. [7] KDD Cup 99 Dataset, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. [8] M. Ali Aydın, A. Halim Zaim, K. Gokhan Ceylan, A hybrid intrusion detection system design for computer network security, Computers & Electrical Engineering, May 2009. [9] J.B. MacQueen, Some methods for classification and analysis of multivariate observations, Proceedings of the 5th Berkeley Symposium on Mathematical Statistics and Probability, 1967. [10] M.V. Mahoney, P.K. Chan, PHAD: packet header anomaly detection for identifying hostile network traffic, Florida Institute of Technology Technical Report, 2001. [11] M.V. Mahoney, Network traffic anomaly detection based on packet bytes, Proceedings of ACM-SAC, 2003. [12] Pang-Ning Tan, Vipin Kumar, Jaideep Srivastava, Selecting the right objective measure for association analysis, Information Systems 29, 2004. [13] J.R. Quinlan, Simplifying decision trees, International Journal of Man-Machine Studies 27, 1987. [14] R. Lippmann, S. Cunningham, Improving intrusion detection performance using keyword selection and neural networks, Comput. Netw. 34, 2000. [15] Ramakrishnan Srikant, Rakesh Agrawal, Mining quantitative association rules in large relational tables, SIGMOD '96, 1996. [16] Raymond T. Ng, Jiawei Han, CLARANS: A method for clustering objects for spatial data mining, IEEE Transactions on Knowledge and Data Engineering, 2002. [17] Robin Sommer, Vern Paxson, Outside the closed world: On using machine learning for network intrusion detection, IEEE Security & Privacy, 2010. [18] Snort intrusion detection system, http://www.snort.org. [19] The Bro Network Security Monitor, https://www.bro.org. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18207 | - |
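dc.description.abstract | Intrusion detection comprises misuse detection and anomaly detection: misuse detection finds known attacks, while anomaly detection focuses on finding unknown attacks. An intrusion detection system should therefore be able to handle both known and unknown attacks. This study proposes an intrusion detection system architecture that performs both misuse detection and anomaly detection, achieving the accuracy of misuse detection while also detecting novel attacks. This study also uses fuzzy association rules to automatically generate rule files for the intrusion detection system for administrators to use in detection; the rule files produced by association rule mining can be freely modified according to the administrator's needs, or administrators can generate rule files themselves, for more flexible use. This study uses KDD Cup99 and a self-collected dataset for evaluation and analysis. Detecting with the rules generated by fuzzy association rules, the misuse detection rate on the KDD Cup dataset reaches up to 97.4%, and the anomaly detection rate and false positive rate are about 95% and 10%. On the self-made dataset, the detection rate reaches about 86% with almost no false positives. | zh_TW |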
dc.description.abstract | Intrusion detection includes both misuse detection and anomaly detection. Misuse detection concerns the detection of known attacks, while anomaly detection is about the detection of attacks that might be unknown. It is important for an intrusion detection system to be able to detect both misuse and anomalous situations. This thesis presents an intrusion detection system (IDS) whose architecture can achieve both misuse detection and anomaly detection. The goal of misuse detection is to achieve higher accuracy, and that of anomaly detection is to detect unknown attacks. The rule files can be edited and added to in order to modify or expand the functionality. In this study, we use fuzzy association rule mining to automatically generate rule files for the IDS. The KDD Cup 99 dataset and our own dataset are used for assessment and analysis. Using the KDD Cup 99 dataset, the detection rate of misuse detection can reach almost 97.4%, and the detection rate of anomaly detection can achieve 95% with a false positive rate equal to 0%. Using our own dataset, the detection rate is 95% and the false positive rate is 10%. | en |
dc.description.provenance | Made available in DSpace on 2021-06-08T00:54:54Z (GMT). No. of bitstreams: 1 ntu-104-R01921074-1.pdf: 1491121 bytes, checksum: 4e8941fe743bed99e6390a128c4219b6 (MD5) Previous issue date: 2015 | en |
dc.description.tableofcontents | Abstract (p. i); Chapter 1 Introduction (p. 1); Chapter 2 Related Work (p. 4); Chapter 3 Background (p. 6); 3-1. Intrusion Detection Systems (p. 6); 3-2. Fuzzy Logic and Fuzzy Set Theory (p. 9); 3-3. Association Rules (p. 10); 3-4. Fuzzy Association Rules (p. 12); Chapter 4 System Architecture (p. 15); 4-1. Training (p. 16); 4-1-1. Training Data Preprocessing (p. 17); 4-1-2. Fuzzy Association Rule Mining (p. 22); 4-2. Rule Database Management (p. 27); 4-3. Detection (p. 28); 4-3-1. Anomaly Detection (p. 29); 4-3-2. Misuse Detection (p. 29); Chapter 5 Evaluation (p. 31); 5-1. Data Sources (p. 31); 5-2. Experimental Environment and Setup (p. 33); 5-3. Experimental Data and Analysis (p. 34); Chapter 6 Conclusion and Future Directions (p. 38); Chapter 7 References (p. 39) | |
dc.language.iso | zh-TW | |
dc.title | Hybrid Intrusion Detection System Based on Fuzzy Association Rules | zh_TW |
dc.title | A Hybrid Intrusion Detection Technique using Fuzzy Association Rules | en |
dc.type | Thesis | |
dc.date.schoolyear | 103-1 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 雷欽隆,陳銘憲,于天立 | |
dc.subject.keyword | information security, intrusion detection system, | zh_TW |
dc.subject.keyword | computer security,intrusion detection system, | en |
dc.relation.page | 41 | |
dc.rights.note | Not authorized | |
dc.date.accepted | 2015-02-24 | |
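dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
Appears in Collections: | Department of Electrical Engineering |
Files in This Item:
File | Size | Format | |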
---|---|---|---|
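ntu-104-1.pdf (not currently authorized for public access) | 1.46 MB | Adobe PDF |
Unless their copyright terms are specifically indicated, all items in the system are protected by copyright, with all rights reserved.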