分布式网络安全预警研究计算机科学与技术专业论文.docx

哈尔滨工业大学工学硕士论文 Abstract With the rapid development of the computer and network technology, the network security is drawing more and more attention. The increasing complexity of the network structure, widely used distributed application environment, all make centralized security warning systems difficult to extract useful information from the rapidly growing massive alarm information. They can not provide realtime warnings with accuracy, which usually leads to the missing of the best emergency response time. As a result, there is an urgent need to reduce alarm information, eliminate false alarms, and correlate alert, to give the warning about network attacks from a higher level. Based on the demand, this paper presents our research on the distributed network security warning based intrusion detection system. First this paper introduces the background and significance of the security warning, makes an overview on the current main method of security warning, and formulates that data mining plays an important role in the security warning. Second, this paper introduces the basic concepts and some commonly used algorithms of HYPERLINK /dict_result.aspx?searchword=%e5%85%b3%e8%81%94%e6%8c%96%e6%8e%98amp;tjType=sentenceamp;styleamp;t=association%2Bmining association mining and sequence mining. Then, this paper studies the traditional IDS, points out that the traditional IDS can not record the frequency and the state of attack. Therefore this paper makes following optimizaion: this paper proposes a method of using the focus recognition to analyse the high frequence attacks such as the DOS attack and the worm attack. To find the multi-step attacks, this paper proposes to use the increment sequential pattern mining GCcispan to analyse the alarm information. The experiments show that the GCcispan algorithm makes it easier to find the multi-step attack compared with other algorithms. In addition, it has better scalability, and can also deal with the dynamic growth of the log. In