Conclusion and Future Work

In document: Chung Hua University (pages 42-47)

5.2 Future Work

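Although one of the new features proposed in this study still did not deliver the expected effect, adding the new features did improve the classification ability of the support vector machine and raise the intrusion detection rate. In future research, more new types of features can be added in the same way to make up for the attack-recognition ability that the original features lack, and feature selection methods can continue to be applied as new features are added, so as to extract the best combination of new features.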

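Second, the experimental architecture was implemented mainly in a network-based intrusion detection system, and both the choice of attacks and the new features added were selected primarily with network-based detection in mind. In the future it could also be combined with a host-based intrusion detection system, collecting information from host log files to implement host-based new features, and adding U2R and R2L, the two attack categories mainly used for host-based intrusion, to increase the complexity of the attacks and come closer to a real network environment.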

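In addition, an architecture that combines network-based and host-based intrusion detection systems could also be used in a misuse intrusion detection system, merging the two kinds of attack identification to strengthen the basis for detecting attacks. We believe that combining these applications would bring further improvement in the detection rate. The methods described above are also the goals this research will pursue in the future.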

