Research On Multiple Continuous Query Optimization In Data Stream And Application In Intrusion Detection

Posted on: 2006-09-18
Degree: Master
Type: Thesis
Country: China
Candidate: X X Shen
GTID: 2178360185496970
Subject: Computer software and theory
Abstract/Summary:
With the development of network technology, more and more applications are required to manage various forms of data streams. Because streaming data differs markedly from static data, a traditional database management system is no longer suitable for managing high-speed, changing data. At the same time, continuous queries over data streams have attracted wide attention in academia. For example, network intrusion detection must process fast-flowing network packets in real time and is a typical application of data stream technology. This thesis studies multiple continuous query optimization in data streams, both in theory and in application. We make the following contributions:

The state of the art in data stream querying is summarized, showing the importance of multiple continuous query optimization in data streams and its background in network security applications.

The close relation between data stream management technology and applications such as network intrusion detection is analyzed. By transforming network packets into relations and detection rules into queries, a relational data stream model of network intrusion detection is built. This model provides a general platform for network data processing and is a foundation for improving data sharing and the performance of related application systems.

A multiple filtering continuous query optimization algorithm for a single stream is presented. By compiling large numbers of queries into a matching tree, many redundant comparison operations can be eliminated. On the basis of the matching tree, a decision tree model is introduced. Dynamically adjusting the attribute order according to information gain optimizes the matching process further. Special methods are designed for the different attribute types: int, flags and string. Experiments compare the decision tree matching method with the sequential matching method. The results validate that the optimization algorithm dynamically reduces the comparison operations, and that performance stays stable as the number of queries increases.

The design and implementation of an intrusion detection system based on a data stream management model is presented. It adopts multiple query optimization algorithms. A test environment is built to validate its function and performance. Experiments show that the design is applicable. A performance comparison experiment is also conducted; the results indicate that under heavy attack packet flows, our system performs better than Snort, with a lower dropped packet rate.
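The matching-tree idea from the abstract, sketched as an added example that is not code from the thesis: detection rules that share attribute tests are compiled into one tree whose attribute order is chosen by information gain, and its comparison count is set against rule-by-rule sequential matching. The rules, the attribute names and the static gain computed over the rule set are assumptions for illustration; the abstract gives no algorithmic detail, and the thesis adjusts the order dynamically.

```python
import math

# Constructed sample rules (equality predicates); a missing attribute is a wildcard.
RULES = {
    "r1": {"proto": "tcp", "dport": 80, "flags": "S"},
    "r2": {"proto": "tcp", "dport": 80, "flags": "SA"},
    "r3": {"proto": "tcp", "dport": 22},
    "r4": {"proto": "udp", "dport": 53},
    "r5": {"dport": 53},
}

def sequential_match(pkt, rules=RULES):
    # Baseline: test each rule on its own, stopping at that rule's first mismatch.
    hits, cmps = set(), 0
    for rid, rule in rules.items():
        for attr, want in rule.items():
            cmps += 1
            if pkt.get(attr) != want:
                break
        else:
            hits.add(rid)
    return hits, cmps

def split(rids, attr, rules):
    groups = {}
    for rid in rids:
        groups.setdefault(rules[rid].get(attr, "*"), []).append(rid)  # "*" = wildcard
    return groups

def info_gain(rids, attr, rules):
    # Entropy drop with each rule as its own class: log2(n) - sum(|g|/n * log2|g|).
    sizes = [len(g) for g in split(rids, attr, rules).values()]
    return math.log2(len(rids)) - sum(s / len(rids) * math.log2(s) for s in sizes)

def build_tree(rids, attrs, rules=RULES):
    # Inner node = (attr, {value: subtree}); leaf = set of rule ids fully matched.
    attrs = [a for a in attrs if any(a in rules[r] for r in rids)]
    if not attrs:
        return set(rids)
    best = max(attrs, key=lambda a: info_gain(rids, a, rules))
    rest = [a for a in attrs if a != best]
    return best, {v: build_tree(g, rest, rules) for v, g in split(rids, best, rules).items()}

def tree_match(node, pkt):
    # One comparison per node visited; follow the value branch and the "*" branch.
    if isinstance(node, set):
        return set(node), 0
    attr, kids = node
    found = [tree_match(kids[k], pkt) for k in (pkt.get(attr), "*") if k in kids]
    return set().union(*(h for h, _ in found)), 1 + sum(c for _, c in found)
```

Build the tree once with `build_tree(list(RULES), ["proto", "dport", "flags"])`; for the constructed packet `{"proto": "tcp", "dport": 80, "flags": "S"}` the tree returns the same match as the baseline in 3 comparisons instead of 10.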
Keywords/Search Tags: Data Stream Processing, Data Stream Management System, Multiple Continuous Query Optimization, Network Intrusion Detection