Using Data Mining Technique for Network Anomaly Detection
Master's === National Taipei University of Education === Master's Program, Department of Computer Science === 105 === Network information security is equal to national security. A weak network infrastructure is like a national defense without combat capability. Establishing an up-to-date protection mechanism on the existing network infrastructure in order to defend e...
Main Authors: | Dao-Nan Wei, 魏道楠 |
---|---|
Other Authors: | Yuan-Chen Liu |
Format: | Others |
Language: | zh-TW |
Published: | 2017 |
Online Access: | http://ndltd.ncl.edu.tw/handle/94780426730869129241 |
id | ndltd-TW-105NTPT0394011 |
---|---|
record_format | oai_dc |
spelling | ndltd-TW-105NTPT0394011 2017-10-29T04:35:37Z http://ndltd.ncl.edu.tw/handle/94780426730869129241 Using Data Mining Technique for Network Anomaly Detection 基於資料探勘技術應用於網路異常偵測 Dao-Nan Wei 魏道楠 Master's National Taipei University of Education Master's Program, Department of Computer Science 105 Yuan-Chen Liu 劉遠楨 2017 Degree thesis ; thesis 48 zh-TW |
collection | NDLTD |
language | zh-TW |
format | Others |
sources | NDLTD |
description |
Master's === National Taipei University of Education === Master's Program, Department of Computer Science === 105 === Network information security is equal to national security. A weak network infrastructure is like a national defense without combat capability. Establishing an up-to-date protection mechanism on the existing network infrastructure, in order to defend against ever-changing hacker attacks and maximize the value of cyber security investments, is a main concern of organizations and enterprises today.
An effective defense strategy is to collect data and perform relevance analysis throughout the attack life cycle. Intrusion detection is known as an effective solution. Gartner predicted that by 2018, at least 25% of intrusions would be detected by analyzing users' behaviors. Research has shown that using data mining technology to optimize the protection mechanism of intrusion detection is a probable solution.
This paper uses the NSL-KDD data set and, based on real case analysis with the Random Forest (RF) algorithm and the Support Vector Machine (SVM) algorithm, proves that the RF model has fast learning capability and is suitable for environments with a large number of signatures and data samples. Moreover, its sample classification correctness and false positive rate are both very good. In contrast, the SVM algorithm is more suitable for environments with fewer data samples. Using a feature selection mechanism to remove irrelevant features lowers model complexity and increases the learning speed of the model without affecting instance classification correctness or false positive rate.
The experimental results show that the proposed method, based on the algorithm characteristics and with moderate adjustment, is very suitable for network abnormality detection: it not only lowers the false positive rate but is also able to identify network attacks, and it can be taken into consideration when designing and constructing intrusion detection mechanisms.
|
author2 | Yuan-Chen Liu |
author_facet | Yuan-Chen Liu Dao-Nan Wei 魏道楠 |
author | Dao-Nan Wei 魏道楠 |