基于数据挖掘技术的NIDS警报异常检测系统设计与实现-计算机软件与理论专业论文.docxVIP

Design Design and Implementation of NIDS Alarms Anomaly Detection System Model Based on Data Mining Technology Abstract As an important component of network security，Intrusion Detection System (IDS)has been used more and more widely．But the development of IDS has faced new problems；one of the most subject matters is the increment of intrusion alarms and the high false positive rate． As a late—model artificial intelligence method in recent years，Data Mining(DM) can process large amount of auditing data intelligently，and can mine useful knowledge． For reducing intrusion alarms and decreasing false—positive rate，the dissertation has researched into how to analyze intrusion detection alarms by means of data mining technology．The main contributions of this dissertation are described as follows： (1)The dissertation has researched the adverse influences followed by large number of repeat alarms and false positives，and the main reasons that bring forth them． (2)The dissertation has researched associated knowledge of data mining technology，and then aiming at the its prevalence in mining useful knowledge from large amount of data，the dissertation has analyzed how to apply data mining technology into intrusion alarms compaction． (3)The dissertation has designed and implemented a NIDS alarms anomaly detection system model based on data mining technology，and by using alarm data given by snort，the dissertation has tested the model．The result of experiment has proved：the system can reduce intrusion alarms and decrease false positives effectively． Keywords：IDS，Data mining，Intrusion alarms，False positive，Anomaly detection 合肥工业大学本论文经答辩委员会全体委员审查，确认符合合肥工业大学 合肥工业大学 本论文经答辩委员会全体委员审查，确认符合合肥工业大学 硕士学位论文质量要求。 答辩委员会签名：(工作单位、职称) 1《 主席： 矽彳 恫纠出了孑吖碰 委员： i气球奴 钕2圭f∥翻玛 S／t C) 1’ ‰彻万 一7 ·) I (／ 溺暂 引教撞 导师： 川缀 独创性声明本人声明所呈交的学位论文是本人在导师指导下进行的研究t作及取得的研究成果。据 独创性声明 本人声明所呈交的学位论文是本人在导师指导下进行的研究t作及取得的研究成果。据 我所知，除了文中特别加以标志和致谢的地方外，论文中不包含其他人已经发表或撰写过的 研究成果，也不包含为获得金胆』些盔堂 或其他教育机构的学位或证书而使用过的材 料。与我一同工作的同志对本研究所做的任何贡献均已在论