基于数据挖掘的Snort入侵检测规则生成研究-软件工程专业论文.docxVIP

基于数据挖掘的Snort入侵检测规则生成研究专业：软件工程 基于数据挖掘的Snort入侵检测规则生成研究 专业：软件工程 硕士生：莫家庆 指导教师：龙冬阳教授 摘 要 目前数据挖掘技术研究方兴未艾，其实质是在海量数据中找出人们感兴趣的数据并以满 足我们需要的某种形式呈现在我们眼前。现代网络技术发展迅速，给人类带来极大便利。但 是任何事物都具备两面性。Internet造福人类的同时，信息安全问题也越来越突出。网络数 据流量巨大，黑客攻击手法层出不穷，要发现其中的入侵行为极其不易。所以，运用据挖掘 技术对网络数据集进行挖掘处理，以发现其中的入侵行为或异常现象获得越来越多的关注。 本文尝试使用Apriori方法对网络数据集进行挖掘处理，生成关联规则，在此基础上提 出将关联规则转化为开源入侵检测系统Snort的入侵检测规则的思想。然后在实际应用中， 结合一些网络连接参考属性将关联规则转化为Snort入侵检测规则，将设想变为现实。随后 将这些规则取代Snort原有规则，并以原数据集进行重放攻击检验实验，并对实验结果进行 分析，并针对误报率高的情况给出一些解决办法。 最后，本文还对使用关联分析技术生成入侵规则方法所存在的问题，提出了一些解决办 法，包括采用多种数据挖掘技术综合处理，进行实时挖掘，挖掘系统审计日志等。 关键字：数据挖掘，Snort，Apriori，关联规则，入侵检测规则 The The Research of Building Snort Intrusion Detective Rules Based on Data Mining MaJorSoftare Engineering Author：Jiaqing Me Supervisor：Prof．Dongyang Long ABSTRACT NowadayS，the research on Data Mining technology is in the ascendant．In fact，the goal is to find the imeresting data in huge amounts of data and present them to people in the pattern which meet our need．At the same time，the modern network technology develops rapidly,and make great benefit to human being．It is very difficult to find the intmswe behaviors of hackers while data flow in network is hllge and hacker intrusion methods emergeed in endlessly．As result，mining the network dataset with Data Mining technology to find intrusive behaviors or abnormal phenomena gained more and more attention． This paper attempted to mine the network dataset with Apriori method and obtain the assocation rules．Based on the assocation rules，this paper proposals the idea of transform them into the intrusion detection rules of Snort，which is a open source IDS．In the practical application，the assocation rules was transformed into SnOn intrusion detection rules with some attrSute of network connection．Subsequently the former rules in the Snort is replaced with the new rules，and experiment was made on replaying attack with the original dataset．Forthermore，this paper analyzes the experiment output and g．ve a solution to the high rate of error al