    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/13536


    Title: Combining Incremental Hidden Markov Model and Adaboost Algorithm for Anomaly Intrusion Detection
    Author: Yu-Shu Chen (陳毓書)
    Contributor: Graduate Institute of Information Management
    Keywords: Adaboost; Anomaly Intrusion Detection; Normal Profile; Incremental Hidden Markov Model (IHMM)
    Date: 2009-06-23
    Uploaded: 2009-09-22 15:34:22 (UTC+8)
    Publisher: National Central University Library
    Abstract: Because the number of malware samples and intrusions worldwide is rising sharply, it is important to develop effective intrusion detection systems (IDSs) that improve the accuracy of intrusion detection. IDSs determine whether the current system has been intruded upon by analyzing system call sequences, system logs, or network packets, all of which are time series of events. The traditional Hidden Markov Model (HMM), which is well suited to describing time series data, has been successfully applied to anomaly intrusion detection by modeling a normal profile. The Incremental HMM (IHMM) further improves the training time of the HMM. However, both HMM and IHMM still suffer from a high false positive rate. In this thesis, we propose combining IHMM and Adaboost for anomaly intrusion detection and name the method Adaboost-IHMM. Adaboost uses many IHMMs to classify samples collectively and then decides each sample's final classification, so Adaboost-IHMM can improve classification accuracy. Finally, we run experiments on the Stide and Sendmail system call datasets from the University of New Mexico (UNM) and on Internet Explorer datasets that we collected ourselves. Experimental results on the Stide datasets show that the proposed method can significantly improve the false positive rate by 70% without decreasing the detection rate.
In addition, we propose a method for adjusting the normal profile in real time, to avoid erroneous detections caused by changes in normal behavior. We perform experiments with realistic datasets extracted from the use of popular browsers. Compared with the traditional HMM method, our method can improve the training time needed to build a new normal profile by 90%.
    Appears in collections: [Graduate Institute of Information Management] Master's and doctoral theses
