
Research on Data Mining Technologies Applied to Intrusion Detection

Posted on: 2006-07-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X F Liu
GTID: 1118360185491823
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is an important technology for guaranteeing network and information security. This thesis applies data mining technologies to intrusion detection, drawing on the learning and mining capabilities of data mining, and carries out research that includes a finite state automaton learning algorithm applied to intrusion detection based on a program's system calls, and a clustering algorithm applied to root cause analysis of the alarm information produced by an intrusion detection system. Four principal achievements have been obtained:

First, a framework for intrusion detection is researched and proposed. On the basis of proving that virus intrusion detection is undecidable, it is argued that no universal detection framework for intrusion exists, and a framework for intrusion detection is given. The framework performs intrusion detection from several data sources and with several analysis technologies: its data sources are host data sources, network data sources and alarm information data sources; misuse detection and anomaly detection are used to analyse the host and network data sources, while root cause analysis and correlation analysis are used to analyse the alarm information data sources.

Second, the use of root cause analysis and correlation analysis of alarm information to detect intrusion is researched and proposed. On the basis of an analysis of intrusion detection alarm information and of the intrusion process, it is found that a large part of the alarm information generated by an intrusion detection system stems from a small number of alarm root causes, which show up as large alarm sets; and that correlations exist among true alarms, through which an attack episode can be reconstructed, increasing the understanding of the alarm information.

Third, a method of expressing a program's system call behaviour with a finite state automaton is researched and proposed. Through program analysis it is found that a finite state automaton can effectively express program behaviour, and a basic learning algorithm for program behaviour is given; the performance of intrusion detection is improved by applying heuristic knowledge of common programming practice to the basic learning algorithm. Finally, the learning algorithm and the detection performance are analysed, and the completeness of the automaton learning is proved.

Fourth, researched and realized a method using clustering technology on alarm...
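The abstract only names the system-call automaton approach; the following is an added illustration (not the dissertation's algorithm) of the general idea: states are system call names, transitions are learned from normal traces, and any step a monitored trace takes that the automaton never saw is reported. The sentinel states and the sample traces are assumptions constructed for the example.

```python
from collections import defaultdict

START, END = "<start>", "<end>"

# Constructed sample traces: system call sequences from normal runs of a
# hypothetical program (assumed for the example, not from the dissertation).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "write", "close"],
]


class SyscallAutomaton:
    """Finite state automaton over system calls: each state is a call name and
    an edge a -> b exists when b directly followed a in some normal trace."""

    def __init__(self):
        self.transitions = defaultdict(set)

    def learn(self, traces):
        """Learn transitions from normal traces; the sentinel states mark the
        beginning and end of a run so unusual first/last calls are caught too."""
        for trace in traces:
            states = [START, *trace, END]
            for src, dst in zip(states, states[1:]):
                self.transitions[src].add(dst)
        return self

    def check(self, trace):
        """Return every (src, dst) step of the trace that the automaton never
        saw during learning; an empty list means the trace is accepted."""
        states = [START, *trace, END]
        return [(s, d) for s, d in zip(states, states[1:])
                if d not in self.transitions.get(s, set())]


def anomaly_score(automaton, trace):
    """Fraction of steps (including the start and end steps) that the automaton
    rejects; a detector would compare this against a tuned threshold."""
    return len(automaton.check(trace)) / (len(trace) + 1)


if __name__ == "__main__":
    fsa = SyscallAutomaton().learn(NORMAL_TRACES)
    print(fsa.check(["open", "read", "close"]))            # []
    print(fsa.check(["open", "read", "execve", "close"]))  # [('read', 'execve'), ('execve', 'close')]
    print(anomaly_score(fsa, ["open", "read", "execve", "close"]))  # 0.4
```

A real deployment would learn from many traces and tune the threshold to balance false alarms against missed anomalies, which is the trade-off the abstract's heuristic knowledge is meant to improve.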
Keywords/Search Tags:Intrusion Detection, Data Mining, Finite State Automaton, System Call, Clustering Algorithm, Root Cause Analysis of Alarm Information, Cause Correlation Analysis of Alarm Information