Institutional Repository of the Institute of Software, Chinese Academy of Sciences
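Title:
The Design and Implementation of a Macro-Network Security Data Mining and Support System (宏观网络安全数据挖掘与支撑系统的设计及实现)
Author: 万里
Defense date: 2007-06-05
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Degree: Doctorate
Keywords: macro-network security; security data; data mining; support system
Alternative title: The Design and Implementation of a Macro-Network Security Data Mining and Support System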
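Abstract: With the development of the Internet, network intrusion techniques have become increasingly diverse. At the individual level, they pose a serious threat to private information and cause great disruption to daily life; at the macro level, they endanger national security and social stability, which has put macro-network security on the agenda. The macro-network security data mining and support system described in this thesis is a decision-support system for macro-network security built on data mining. Specifically, the main research contents are as follows: Based on an analysis of the system requirements, it presents the relevant network security knowledge and data mining background, and explains the data mining algorithms that will be used. It designs the overall architecture of the support system and implements the system using a client/server structure. By analyzing macro-network security traffic and event data, it proposes several methods for analyzing traffic data and event data: periodicity-based traffic anomaly analysis implemented with the autocorrelation function and prediction; traffic pattern analysis based on sequential frequent itemsets, implemented with pattern matching; traffic situation assessment implemented with a hierarchical model; and event anomaly degree and association analysis implemented with probabilistic suffix trees and sequence association. For other real-time detection, functions such as worm detection are implemented. Finally, using 3 months of real macro-network traffic and security event data as the experimental subject, it describes and analyzes the results of the traffic analysis module and the event analysis module.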
English abstract: As Internet technology advances, network intrusion measures have become more and more diversified. For individuals, this situation has greatly disrupted people's lives and posed huge threats to personal information security. For the public as a whole, it endangers state security and the stability of our society. The macro-network security data mining and support system that we explore in this paper is a decision support system based on data mining. The main contents of this dissertation are as follows: Based on an analysis of system requirements, we present related network security knowledge and data mining algorithms. We design the overall architecture of the support system and implement this system based on a client-server architecture. Through analysis of macro-network security flow and event data, we propose several analytical methods for flow data and event data: We implement a module that conducts periodicity-based outlier analysis based on autocorrelation and prediction. We implement a module that conducts flow pattern analysis based on sequential frequent pattern mining. We implement a module that evaluates flow status based on hierarchical models. We realize event abnormality degree and association analysis using probabilistic suffix trees. In other aspects of real-time detection, we implement functions such as worm detection. By conducting experiments on 3 months of real-world macro-network flow and event data, we present the results of the flow analysis modules and event analysis modules and then draw some conclusions about the pros and cons of the system.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6128
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name / File Size | Content Type | Version | Access | License
10001_200428015029127万里_paper.doc (1148KB) | -- | -- | Restricted access | -- (contact to obtain full text)

Recommended Citation:
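万里. The Design and Implementation of a Macro-Network Security Data Mining and Support System [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2007-06-05.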