《基于遗传规划的入侵检测系统研究与实现》由会员分享,可在线阅读,更多相关《基于遗传规划的入侵检测系统研究与实现(64页珍藏版)》请在金锄头文库上搜索。
1、暨南大学 硕士学位论文 基于遗传规划的入侵检测系统研究与实现 姓名:陈凤其 申请学位级别:硕士 专业:计算机软件与理论 指导教师:罗伟其 20100608 ? ? I ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? BPF ? ? ? ? ? ? ? ? ? ? ? ? DARPA 99 ? Snort ? ? ?; ?; ?; ? ? ? II ABSTRACT The Internet penetration rate in China maintains a growth momentum in recent years, whic
2、h promotes the development of some new industries such as E-Business and Online Payment. At the same time, various kinds of network security incidents have arisen ,which poses a threat to the safety of peoples property and demands higher levels of network security technologies including intrusion de
3、tection. As an important component of the network security architecture, Intrusion detection system can detect attack attempts. However, traditional intrusion detection system cannot meet current demand of network security due to some problems of its own. Its necessary to get further research for in
4、trusion detection system. First this thesis makes an in-depth analysis of intrusion detection system based on rule detection to get a thorough understanding of the mechanism of common intrusion detection system and the basic structure of detection rules. Then a new intrusion detection system based o
5、n genetic programming has been proposed. This intrusion detection system is made up of packet capture engine, detection engine, rule evolution engine, rule selection engine, rule base and other components. The rule evolution engine is the core of the intrusion detection system. According to the prin
6、ciple of genetic programming, new rules will be generated by original rule base and history records of invasion with the rule evolution engine. The performance of detection system will be improved by the potential of detecting new forms of intrusion due to the fact that genetic programming is an eff
7、ective search optimization technique. The design of the intrusion detection system based on genetic programming is presented in detail. The packet capture engine uses the BPF packet filtering mechanism, which allows us to capture packets that need to detect. In addition, the packet capture engine al
8、so supports a data packet parsing and a classification will be done after that. The detection engine is composed of several detection sub-modules, every of which only detects data packets of some special protocols. The rule evolution engine contains several important algorithms, such as cross algori
9、thm, mutation algorithm, rule conflict detection algorithm and so on. The rule selection engine selects rules that qualify both in structure and composition, which ensures that every ? ? III rule updated into rule base is a valid one. Finally, this thesis describes the implementation process of the
10、intrusion detection system based on genetic programming. A comparison with Snort detection system in positive detection rate and false detection rate by DARPA 99 dataset is also presented. Key Words: Network Security; Intrusion Detection System; Detection Rule; Genetic Programming ? ? VI ? ? 2-1 ?.13 ? 3-1 ? IDS ?.16 ? 3-2 ?.17 ? 3-3 ?.18 ? 3-4 ?.21 ? 3-5 ? IDS ?.22 ? 3-6 ?.23 ? 3-7 ?.24 ? 3-8 ?.26 ? 3-9 ?.35 ? 4-1 ? IDS ?.41 ? 4-2 ?.
