Learning a Local Embedding Structure for Network Intrusion Detection


Bibliographic Details
Main Authors: LI, JYUN-YAN, 李俊諺
Other Authors: Jen-Ing Grace Hwang
Format: Others
Language: zh-TW
Published: 2011
Online Access: http://ndltd.ncl.edu.tw/handle/87423248169386918979
Description
Summary: Master's === Fu Jen Catholic University === Department of Computer Science and Information Engineering === 99 === With the rapid development of networks, more and more activities take place on the Internet, and network security has therefore become an important issue. To ensure a trusted, high-quality computing environment, intrusion detection systems have received extensive attention recently. Network intrusion detection methods may be divided into two categories: signature-based and anomaly-based. Signature-based detection uses known behavior patterns to detect malicious activities and is effective at detecting various types of known attacks; anomaly-based detection establishes a model of normal behavior patterns and identifies each connection record as either normal or attack. This research proposes an intrusion detection method that belongs to the latter category. We assume that activities of the same type have a certain degree of similarity. In addition, some intrusion experts have commented that most unknown attacks evolve from known attacks. Our assumption and the experts' comment suggest the importance of the local data structure. This leads us to develop an intrusion detection method called Local Embedding Structure (LES). The method is based on the spectral clustering algorithm and embeds data points in a transformed space. During embedding, adjacent data points of different types are pulled apart to highlight the characteristics of the local data structure. With this structural feature, we expect to enhance the detection rate for novel attack types. To produce a high-quality, reduced dataset, balanced iterative reducing and clustering using hierarchies (BIRCH) is applied in data pre-processing. Finally, the well-known KDD Cup 1999 database is used to evaluate the proposed LES method. According to the experimental results, LES performs well at intrusion detection. In particular, the detection rate for novel attacks could reach 93.8%.