  1. NTU Theses and Dissertations Repository
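  2. College of Electrical Engineering and Computer Science
  3. Department of Electrical Engineering
Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18207
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 王勝德 |
dc.contributor.author | Po-Ting Chen | en
dc.contributor.author | 陳柏廷 | zh_TW
dc.date.accessioned | 2021-06-08T00:54:54Z | -
dc.date.copyright | 2015-03-16 |
dc.date.issued | 2015 |
dc.date.submitted | 2015-02-24 |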
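dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/18207 | -
dc.description.abstract | Intrusion detection comprises misuse detection and anomaly detection: misuse detection finds known attacks, while anomaly detection focuses on finding unknown attacks. An intrusion detection system should therefore be able to handle both known and unknown attacks. This study proposes an intrusion detection system architecture that performs both misuse detection and anomaly detection, achieving the accuracy of misuse detection while also detecting novel attacks. The study also uses fuzzy association rules to automatically generate intrusion detection system rule files for administrators to use in detection; the rule files produced by association rule mining can be freely modified according to the administrator's needs, or administrators can generate their own rule files, for more flexible use.
This study uses KDD Cup 99 and a self-collected dataset for evaluation and analysis. When detecting with rules generated from fuzzy association rules, the misuse detection rate reaches up to 97.4% on the KDD Cup dataset, and the anomaly detection rate and false positive rate are about 95% and 10%. On the self-made dataset, the detection rate reaches about 86% with almost no false positives. | zh_TW
dc.description.abstract | Intrusion detection includes both misuse detection and anomaly detection. Misuse detection concerns the detection of known attacks, while anomaly detection is about the detection of attacks that might be unknown. It is important for an intrusion detection system to have the ability to detect both misuse and anomaly situations. The thesis presents an intrusion detection system (IDS) architecture that can achieve both misuse detection and anomaly detection. The goal of misuse detection is to achieve higher accuracy and that of anomaly detection is to detect unknown attacks. The rule files can be edited and added to in order to modify or expand the functionality. In this study, we use fuzzy association rule mining to automatically generate rule files for the IDS.
In this study, the KDD Cup 99 dataset and our own dataset are used for assessment and analysis. Using the KDD Cup 99 dataset, the detection rate of misuse detection can reach almost 97.4% and the detection rate of anomaly detection can achieve 95% with a false positive rate equal to 0%. Using our own dataset, the detection rate is 95% and the false positive rate is 10%. | en
dc.description.provenance | Made available in DSpace on 2021-06-08T00:54:54Z (GMT). No. of bitstreams: 1. ntu-104-R01921074-1.pdf: 1491121 bytes, checksum: 4e8941fe743bed99e6390a128c4219b6 (MD5). Previous issue date: 2015 | en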
dc.description.tableofcontents |
Abstract
Chapter 1 Introduction
Chapter 2 Related Work
Chapter 3 Background
3-1. Intrusion Detection Systems
3-2. Fuzzy Logic and Fuzzy Set Theory
3-3. Association Rules
3-4. Fuzzy Association Rules
Chapter 4 System Architecture
4-1. Training
4-1-1. Training Data Preprocessing
4-1-2. Fuzzy Association Rule Mining
4-2. Rule Database Management
4-3. Detection
4-3-1. Anomaly Detection
4-3-2. Misuse Detection
Chapter 5 Evaluation
5-1. Data Sources
5-2. Experimental Environment and Setup
5-3. Experimental Data and Analysis
Chapter 6 Conclusion and Future Work
Chapter 7 References
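dc.language.iso | zh-TW |
dc.title | 混合式入侵偵測系統基於模糊關聯式規則 | zh_TW
dc.title | A Hybrid Intrusion Detection Technique using Fuzzy Association Rules | en
dc.type | Thesis |
dc.date.schoolyear | 103-1 |
dc.description.degree | Master's |
dc.contributor.oralexamcommittee | 雷欽隆, 陳銘憲, 于天立 |
dc.subject.keyword | information security, intrusion detection system | zh_TW
dc.subject.keyword | computer security, intrusion detection system | en
dc.relation.page | 41 |
dc.rights.note | Not authorized |
dc.date.accepted | 2015-02-24 |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW
Appears in collections: Department of Electrical Engineering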

Files in this item:
File | Size | Format
ntu-104-1.pdf (not authorized for public access) | 1.46 MB | Adobe PDF

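Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.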
