校园网环境的可视化入侵检测系统研究与实现

摘要I摘要校园网络是学校信息化建设必不可少的基础硬件设施，但是接入Internet所带来的安全问题给我们校园网管理者带来了极大的挑战，随处可得的黑客工具和不断曝光的系统漏洞使我们的校园网络无时无刻不处于危险之中。校园网的安全对维护学校正常的教学秩序，保证学校网络资料等起着极为重要的作用。因此，如何保证校园网的安全问题，也就成了一个极为重要的问题。论文在分析了传统入侵检测系统在保护网络环境中Web系统存在的问题的基础上，提出了基于校园网环境的可视化入侵检测模型。基于该模型设计了可视化入侵检测系统的框架和结构，并实现数据包捕获模块、数据提取模块、事件分析数据库模块、用户行为建模模块、可视化建模模块、异常检测模块、数据绘制与显示模块、安全响应模块和可视化入侵检测查询模块等九大模块。同时对基于散乱点的可视化入侵检测算法也进行探讨，引入主成分分析和曲线成分分析作为映射工具，提出了一种高逼真度的、确定性的可视化入侵检测算法，采用主成分分析映射结果作为迭代的初值和采用伪随机算法来选择第i点来增加算法的确定性；将映射空间中点间欧式距离与原始空间中标准化会话间平方欧式距离相等作为改进算法的最优化目标来提高逼真度。最后，选用KDDCup99数据集进行测试验证，结果表明改进后的曲线成份分析算法可以用于识别内部渗透与外部渗透两种入侵行为。系统实现了对数据的分析、处理以及对非法数据的实时发现和显示，同时存入日志，满足了入侵检测系统的基本功能需求。关键词：入侵检测，曲线成分分析，可视化，校园网ABSTRACTIIIABSTRACTThecampusnetworkisessentialinformationizeconstructionofschoolbasishardwarefacilities.But,safeproblemaboutbylinkupInternethasbroughtextremelylargechallengetoourcampusnetworkadministrativeperson.Thehackerimplementbeingabletobeboughtanywhereandthesystemleakbeingexposedunceasinglymakeournetworknotbeindangerallthetime.Thus,tosecurecampusnetworkbecomesfairlyimportant.ThisdissertationanalyzestheproblembeingfacedwithexistingintrusiondetectionsystemswhilebeingusedtosecurewebapplicationsprovidingInternetservices,thisdissertationputforwardacampusnetworkenvironmentbasedonthevisualintrusiondetectionmodel.Basedonthemodelofthedesignofavisualintrusiondetectionsystemframeworkandstructure,andtoachievevisualanalysisofthedatabasemanagementsystemandvisualintrusiondetectionanalysesmanagementsystemmodules.Thesystemincludesninemodules:datapacketcapturemodule,dataextractionmodule,eventsanalysisdatabasemodule,userbehaviormodelingmodule,visualmodelingmodule,anomalydetectionmodule,thedatademonstratemodule,securityresponseandvisualizationmodulequerymoduleofintrusiondetectionThisdissertationdiscussbasedonscatteredpointvisualintrusiondetectionalgorithms:theintroductionofprincipalcomponentanalysisandcurvilinearcomponentanalysisasamappingcomponentanalysistools,ahigh-fidelityanddeterministic,anewhigh-fidelityanddeterministicCCA-basedvisualizationalgorithminintrusiondetectionisproposed.Theprincipalcomponentanalysismappingasaresultoftheinitialuseofiterativealgorithmandtheuseofpseudo-randomselectionalgorithmtoincreasethepointofcertainty;mappingandspatialdistancetothemidpointbetweentheEuropeanSpacestandardizationoftheoriginalconversationbetweentheEuropeansquarefromthesamegoalsastheoptimizationalgorithmtoimprovefidelity.Finally,KDDCup99datasetsusedtotestandcertify,resultsshowthattheimprovedcurvilinearcomponentanalysisalgorithmcanbeusedtoidentifytheinternalandexternalintrusioninfiltration.Systemachieveddataanalysisandprocess,discoveryABSTRACTIVanddisplayofillegaldataandstorageofsuspiciousdataintologfile,thesystemsatisfiestherequirementsofinstrusiondetectionsystem.Keywords:InstrusionDetection,CurvilinearComponentAnalysis,Visualization,CampusNet目录V目录第一章引言..............................................11.1课题的研究背景.......................................11.2课题的研究意义.......................................41.3入侵检测防御技术研究现状.............................51.4本课题的主要研究内容.................................7第二章入侵检测技术基础..................................92.1入侵检测分析.........................................92.2入侵检测系统分类....................................102.2入侵检测系统基本模型................................152.2.1IDES模型........................................152.2.2CIDF模型........................................172.3入侵检测系统工作流程................................182.4入侵检测系统发展方向................................182.5本章小结............................................20第三章可视化入侵检测系统分析与设计......................213.1系统功能需求........................................213.2系统性能需求........................................223.3入侵检测模型设计....................................233.4入侵检测系统框架设计................................253.5入侵检测系统结构设计.................................263.5.1入侵检测数据管理子系统...........................273.5.2入侵检测数据分析子系统...........................28目录VI3.6本章小结............................................33第四章基于散乱点的可视化入侵检测算法设计................344.1检测算法理论依据....................................344.2检测算法性能要求....................................374.2.1逼真度..........................................374.2.2运算速度........................................404.2.3确定性..........................................404.3主成份分析PCA算法..................................414.4曲线成份分析CCA算法................................444.5PCA算法与CCA算法对比分析...........................484.5.1理论对比........................................484.5.2实验对比分析....................................484.6曲线成分分析CCA算法的改进..........................554.7传统CCA算法与改进CCA算法的对比分析................574.7.1确定性..........................................574.7.2运算速度........................................584.8本章小结............................................60第五章可视化入侵检测系统实现...........................615.1系统开发及运行环境..................................615.1.1开发环境........................................615.1.2运行环境........................................615.2校园网可视化入侵检测系统部署........................615.3可视化入侵数据管理子系统实现........................625.3.1数据包捕获模块