Implementation of a Distance-Based Network Anomaly Detection Algorithm
Literature Review
Abstract: In recent years, security threat incidents on the global Internet have occurred frequently. Computer networks have brought us a convenient and efficient life, but they have also brought a wide range of security problems. Attackers use many intrusion techniques against target hosts that traditional network security defences, such as firewall interception, access control, data encryption and identity authentication, cannot perceive, so a static defence system can no longer meet current security needs. As the Internet has developed, network security technology has also developed through its confrontation with network attacks. Intrusion detection, as an active security protection technology, can monitor the protected network in real time, which makes it a field of considerable research significance. This thesis uses the Mahalanobis distance to design a network anomaly detection algorithm with good detection performance, high speed and high accuracy, in order to meet current anomaly detection needs. Against the background of the Internet's rapid development, this review analyses the state of anomaly detection research in China and abroad and its development, and sets out the research goals and content of a network anomaly detection algorithm based on the Mahalanobis distance.
Keywords: K-nearest neighbour; Mahalanobis distance; anomaly detection
Introduction
With the arrival of the information age, our lives depend more and more on networks. According to the 45th Statistical Report on Internet Development in China, released on the 28th by the China Internet Network Information Center (CNNIC), as of March 2020 China had 904 million Internet users, an increase of 75.08 million over the end of 2018, and an Internet penetration rate of 64.5%. The network has become a powerful driving force for social and economic development, but the accompanying network and information security problems have become increasingly prominent: malicious network attacks such as the spread of malicious programs, vulnerability exploitation, DDoS attacks and website tampering cause anomalies in network traffic, and network attacks have become one of the most harmful phenomena in network security. How to process large volumes of data quickly and use network anomaly detection technology to provide technical support for network security problems has therefore become a research hotspot.
This graduation project implements a distance-based anomaly detection algorithm that automatically identifies network intrusions, raises system alerts and records them. The anomaly detection algorithm is tested on the KDD Cup 99 data set. Intrusion behaviour is judged accurately and the analysis results are evaluated; the results show that the algorithm achieves a high intrusion detection rate, and that the anomaly detection model achieves a high detection rate for denial-of-service attacks and port scanning attacks while also reducing the false positive rate, effectively resolving the tension between detection rate and false positive rate.
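To make the core computation concrete, the following Python example (added here; it is not code from the thesis or from any project it cites) fits a Mahalanobis-distance model to a constructed sample of normal, KDD-Cup-99-style connection records and scores new records against it. The four feature columns, the sample values, the ridge term and the threshold rule (1.1 times the largest distance seen in normal training data) are all assumptions chosen for illustration; the thesis does not specify them. The covariance inverse is computed with a small Gauss-Jordan routine so that the example runs without third-party libraries.

```python
"""Mahalanobis-distance anomaly scoring for connection records.

Added example, not code from the thesis. The feature layout, sample values,
ridge term and threshold rule are assumptions chosen for illustration.
"""
from math import sqrt

# Constructed "normal" training records (not rows from KDD Cup 99).
# Columns: duration (s), src_bytes, dst_bytes, count (connections to the same host in 2 s).
NORMAL_TRAFFIC = [
    [0, 215, 45076, 1], [0, 162, 4528, 2], [0, 236, 1228, 1], [0, 233, 2032, 3],
    [1, 239, 486, 2],   [0, 238, 1282, 1], [2, 235, 1337, 4], [0, 181, 5450, 2],
    [0, 184, 124, 1],   [1, 185, 9020, 3], [0, 208, 3204, 2], [0, 221, 1519, 1],
]

# Constructed records to score: a flood-like burst of empty connections and an
# unusually large upload.
SUSPECT_TRAFFIC = [
    [0, 0, 0, 511],
    [0, 54540, 8314, 1],
]


def mean_vector(rows):
    """Column-wise mean of a list of equal-length numeric rows."""
    n = len(rows)
    return [sum(r[j] for r in rows) / n for j in range(len(rows[0]))]


def covariance_matrix(rows, mu, ridge=0.0):
    """Unbiased sample covariance; `ridge` is added to the diagonal so that a
    constant or collinear feature does not make the matrix singular."""
    n, d = len(rows), len(mu)
    cov = [[0.0] * d for _ in range(d)]
    for r in rows:
        dev = [r[j] - mu[j] for j in range(d)]
        for i in range(d):
            for j in range(d):
                cov[i][j] += dev[i] * dev[j]
    for i in range(d):
        for j in range(d):
            cov[i][j] /= n - 1
        cov[i][i] += ridge
    return cov


def invert_matrix(m):
    """Gauss-Jordan elimination with partial pivoting; raises ValueError when
    the matrix is (numerically) singular."""
    d = len(m)
    aug = [list(map(float, row)) + [1.0 if i == j else 0.0 for j in range(d)]
           for i, row in enumerate(m)]
    for col in range(d):
        pivot = max(range(col, d), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("singular covariance matrix: add a ridge term or drop a constant feature")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(d):
            if r != col and aug[r][col] != 0.0:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    return [row[d:] for row in aug]


def mahalanobis(x, mu, inv_cov):
    """sqrt((x - mu)^T S^{-1} (x - mu)) for one record x."""
    d = len(mu)
    dev = [x[j] - mu[j] for j in range(d)]
    sx = [sum(inv_cov[i][j] * dev[j] for j in range(d)) for i in range(d)]
    return sqrt(sum(sx[i] * dev[i] for i in range(d)))


def fit(normal_rows, ridge=1e-6, margin=1.1):
    """Estimate mean and inverse covariance from normal traffic only, and set
    the alert threshold to the largest training distance times `margin`
    (an assumed rule; the thesis does not specify its threshold)."""
    mu = mean_vector(normal_rows)
    inv_cov = invert_matrix(covariance_matrix(normal_rows, mu, ridge))
    threshold = max(mahalanobis(r, mu, inv_cov) for r in normal_rows) * margin
    return {"mu": mu, "inv_cov": inv_cov, "threshold": threshold}


def detect(rows, model):
    """Return (distance, is_anomaly) for each record."""
    results = []
    for r in rows:
        dist = mahalanobis(r, model["mu"], model["inv_cov"])
        results.append((dist, dist > model["threshold"]))
    return results


if __name__ == "__main__":
    model = fit(NORMAL_TRAFFIC)
    print(f"alert threshold: {model['threshold']:.3f}")
    for row, (dist, flag) in zip(SUSPECT_TRAFFIC, detect(SUSPECT_TRAFFIC, model)):
        print(f"{row}: distance={dist:.1f} {'ANOMALY' if flag else 'normal'}")
```

Two practical points follow from the code. The model must be fitted on traffic believed to be normal: an attack record in the training set inflates the covariance along its own direction and masks later attacks of the same kind. And the max-times-margin threshold is only a placeholder; under a Gaussian assumption the squared distance follows a chi-square distribution with as many degrees of freedom as there are features, so a quantile of that distribution gives a threshold with an interpretable false positive rate, which is the trade-off the thesis evaluates on KDD Cup 99.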
