
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9425

    Title: Exploiting Frequent Episodes in Weighted Suffix Tree to Improve Intrusion Detection System
    Authors: Yen-Ching Wu
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: String Matching; Suffix Tree; Data Mining; Association Rule; Intrusion Detection System (IDS)
    Date: 2007-07-09
    Issue Date: 2009-09-22 11:47:29 (UTC+8)
    Publisher: National Central University Library
    Abstract: Computer software is more widely used today than ever before, and Internet use is an everyday activity. In this environment the security of computer information has become important, so Intrusion Detection Systems (IDS) deserve more scrutiny and effort. We focus on the analysis of kernel system calls and try to extract meaningful information from seemingly unorganized system call sequences. We then use the derived information to construct useful rules that improve the accuracy of intrusion detection. String matching plays an important role in intrusion detection systems, and we design a Weighted Suffix Tree algorithm, derived from the concept of the suffix tree algorithm, for string matching. Data mining techniques can help us find meaningful information implicit in large amounts of records, and we exploit Frequent Episodes Mining to obtain ordered frequent patterns. We then apply these rules to detect malicious attacks. The Weighted Suffix Tree algorithm can improve the rule set selection ability of an IDS. We emphasize that in our method the whole set of traces needs to be scanned only once, and rule sets of different lengths can then be selected much more easily than before. Frequent Episodes Mining can prune rare rules that do not exceed the threshold, so the decision engine of the IDS can be sped up. At the end of this paper, we show that our IDS still detects intrusions well when fewer rules are used.
    Appears in Collections: [Graduate Institute of Computer Science and Information Engineering] Doctoral and Master's Theses
