Deploying Neural Network Applications for Intrusion Detection (Master's Thesis)

HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY
School of Information and Communication Technology
Master's Thesis
DEPLOYING NEURAL NETWORK APPLICATIONS FOR INTRUSION DETECTION
Nguyen Thanh Long
Hanoi, 2023

TABLE OF CONTENTS
ACKNOWLEDGEMENTS
DECLARATION
TABLE OF CONTENTS
SYMBOLS AND ABBREVIATIONS
LIST OF TABLES
LIST OF FIGURES
INTRODUCTION
CHAPTER I: COMPUTER NETWORK SECURITY AND INTRUSION DETECTION SYSTEMS
1.1. Information security threats on computer networks
1.1.1. The state of information security in Vietnam in 2017
1.1.2. Information security threats
1.2. Some attacks on computer networks
1.2.1. Denial-of-service attacks
1.2.2. Probing attacks
1.2.3. User-to-root attacks
1.2.4. Remote-to-local attacks
1.3. Some measures for strengthening the protection of computer networks
1.4. Introduction to intrusion detection systems
1.4.1. Basic concepts
1.4.2. History of IDS
1.4.3. Requirements for an intrusion detection system
1.4.4. IDS architecture
1.4.4.1. Information collection component
1.4.4.2. Detection and analysis component
1.4.4.3. Response component
1.4.5. Classification of IDS
1.4.5.1. Host-based intrusion detection systems
1.4.5.2. Network-based intrusion detection systems
1.4.6. Detection techniques
1.4.6.1. Signature-based detection
1.4.6.2. Anomaly-based detection
1.4.7. Functions of an IDS
1.4.8. Benefits of using an IDS
1.5. Chapter 1 summary
CHAPTER II: OVERVIEW OF ARTIFICIAL NEURAL NETWORKS
2.1. Introduction to neural networks
2.1.1. Biological neural networks
2.1.2. Artificial neural networks
2.1.3. History of artificial neural networks
2.2. Model of an artificial neuron
2.2.1. Single-input neuron
2.2.2. Multiple-input neuron
2.2.3. Some activation functions
2.2.3.1. Hard-limit activation function
2.2.3.2. Linear activation function
2.2.3.3. Log-sigmoid activation function
2.3. Neural network architectures
2.3.1. Single-layer networks
2.3.2. Multilayer networks
2.3.3. Feedforward architecture
2.3.4. Feedback architecture
2.4. Operation and learning rules of artificial neural networks
2.4.1. Operation of artificial neural networks
2.4.2. Learning rules of neural networks
2.4.2.1. Supervised learning
2.4.2.2. Unsupervised learning
2.4.2.3. Reinforcement learning
2.5. The Perceptron and the backpropagation algorithm
2.5.1. The Perceptron
2.5.2. The backpropagation algorithm
2.5.2.1. The sum-of-squared-errors function
2.5.2.2. Steps of the backpropagation algorithm
2.5.3. Factors in backpropagation learning
2.5.3.1. Weight initialisation
2.5.3.2. Learning rate a
2.5.3.3. Network structure
2.6. Applications of artificial neural networks
2.7. Chapter II summary
CHAPTER III: APPLYING NEURAL NETWORKS TO INTRUSION DETECTION
3.1. Applicability of neural networks to intrusion detection
3.1.1. Introduction to the KDD99 dataset
3.1.2. Analysis of the KDD99 dataset
3.2. Installing and running a simulation program that demonstrates the applicability of neural networks to intrusion detection
3.2.1. Simulation tools
3.2.2. The simulation program
3.3. Chapter III summary
CONCLUSION
REFERENCES
APPENDIX

INTRODUCTION
With the relentless growth of computer networks and the ever larger and more varied need to exchange information and data, network safety and security have become pressing. Much research has sought solutions for securing computer networks.
Chapter 1: Computer network security and intrusion detection systems.
Chapter 2: Overview of artificial neural networks.
Chapter 3: Applying artificial neural networks to intrusion detection.

CHAPTER I: COMPUTER NETWORK SECURITY AND INTRUSION DETECTION SYSTEMS
1.1 Information security threats on computer networks
1.1.1 The state of information security in Vietnam in 2017
At the Vietnam Information Security Day 2017 international conference, themed "Smart security in a newly connected world", VNISA published several important reports on the current state of information security:
- The number of attacks and scams on the Internet keeps rising. In the first half of the year alone there were 6,303 incidents nationwide.
- Vietnamese enterprises are complacent about network security.
Figure 1.1 Information security index by enterprise group (bar chart, y-axis 0 to 60 %; groups: all enterprises (360), banking and finance (56), other enterprises (304))
- VNISA's representative announced the results of its survey assessing the 2017 Information Security Index of enterprise groups. VNISA surveyed the information security posture of 360 enterprises in the key regions of Hanoi, Ho Chi Minh City and Da Nang: 304 small and medium enterprises and 56 enterprises in banking and finance. The survey found the 2017 index to be 54.2 % across enterprises, 59.9 % for banking and finance enterprises and 31.1 % for other enterprises, all relatively low compared with the average.
- Scams on the social network Facebook are becoming ever harder to predict.
Worldwide, information security is at an alarming level, exemplified by the WannaCry ransomware outbreak this past year.
1.1.2 Information security threats
- Threats from objective factors: when a network security incident occurs, the hardware of individuals and organisations may be damaged, become unstable or stop working normally.
- Threats from subjective factors:
+ Loss, corruption or modification of information: one of the worries of enterprises when an incident occurs is that information is lost, corrupted or altered. Worse, attackers can steal all the data and force the victim to pay a ransom.
+ Attacks by malicious software: hackers use many attack techniques to get inside a system, such as viruses and spyware.
+ Information leakage on social networks: victims are coerced by hackers into transferring money, or the victim's computer leaks data or is infected with malware.
+ Website security threats: the site is taken over, hacked, hangs and cannot be reached, is defaced, has unknown links injected, or loses documents.
+ Threats arising from the information security policy: an organisation's policy is created to secure its system, yet it has weaknesses and holes; these weaknesses appear after a period of use or after the system is upgraded.
+ Threats arising from the configuration of network devices and software: many devices are deployed for performance needs without regard to security, or their security settings are not ensured, which leads to many other security problems.
1.2 Some attacks on computer networks
1.2.1 Denial-of-service attacks
A denial-of-service (DoS) attack overloads a system so that it cannot provide its services, disrupting its operation or forcing it to stop. There are also distributed denial-of-service (DDoS) attacks and reflection-based distributed denial-of-service (DRDoS, Distributed Reflection Denial of Service) attacks. Classic DoS takes forms such as repeated logins and the Smurf attack, in which the attacker sends many ICMP messages to a network's broadcast address with the source address forged to be that of the target. DDoS appeared in 1999 and is many times more powerful than classic DoS. Most DDoS attacks aim to consume bandwidth and congest the system until it stops operating. To do so the attacker takes control of many intermediate computers and networks in many places and has them flood the chosen target simultaneously with huge numbers of packets, exhausting its resources and saturating its links.
1.2.2 Probing attacks
In a probing attack (Probe) the attacker scans a computer network for weaknesses that are easy to attack and through which the system can be exploited. This resembles monitoring or surveillance of the system. A common form of this attack is a port scan of the system's computers, from which the attacker learns the open ports, the running services and further sensitive details such as IP addresses, MAC addresses and the firewall rules in use. An example technique is Portsweep: a surveillance technique that scans many ports to determine which services a single host supports.
1.2.3 User-to-root attacks
In a user-to-root (U2R) attack, an attacker who has ordinary user rights tries to gain higher access (administrator privilege) to the system illegitimately. The most common method is a buffer overflow, which occurs when a program writes more data to a buffer than the buffer can hold; the attacker overwrites control data of the running program and hijacks its control flow. This kind of attack is less frequent than DoS and probing. It is, however, very dangerous, because once the attacker gains the highest privilege they control the entire system.

2.5.3.2 Learning rate a
... the system may skip the global optimum and fall into a local optimum. If the learning rate is small, the algorithm converges slowly. One must therefore choose a value that balances learning speed against avoiding local minima.
2.5.3.3 Network structure
As stated above, a backpropagation network always has an input layer and an output layer; the number of hidden layers varies from one to several. For a given problem the number of inputs and the number of output neurons are fixed by the number of inputs and outputs of the training patterns. Most published backpropagation networks have one hidden layer, but the size of that hidden layer (the number of neurons in it) is a question for every application that uses backpropagation. Analysing the number of hidden neurons is probably impractical because of the complexity and the non-deterministic nature of the learning procedure, so the hidden-layer size is usually determined experimentally. For a network of considerable size (input vectors of hundreds to thousands of variables), the initial hidden-layer size should be small compared with the input size. If the network cannot converge to a solution, the number of hidden neurons is increased gradually. If it can converge, the number of hidden neurons is reduced to find the smallest count at which the network still converges; the complexity of the network is then reduced considerably.
2.6 Applications of artificial neural networks
Artificial neural networks are applied in many fields. With their ability to learn and classify patterns, they are used in fields such as:
- Aerospace: unmanned aircraft, flight simulation, aircraft fault detection.
- Automotive: automatic guidance, fuel injection control, automatic braking.
- Defence: weapon control, target tracking.
- Information security: intrusion detection.
- Pattern recognition: speech recognition and understanding, fingerprint recognition, character recognition, face recognition.
2.7 Chapter II summary
Chapter II presented the concepts, model, architecture and applications of neural networks, and the backpropagation algorithm used to apply neural networks to problems. One such application is intrusion detection, which I study in Chapter III.
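The learning-rate and hidden-layer discussion of Section 2.5.3 is easier to reason about with the algorithm in front of you. The block below is an added example, not code from the thesis: it implements the backpropagation procedure of Section 2.5 in plain Python (log-sigmoid units, the sum-of-squared-errors cost of 2.5.2.1, small random initial weights, pattern-by-pattern gradient descent with learning rate `lr`, the thesis's "a"). The thesis's own program instead uses scikit-learn with a ReLU activation; the XOR patterns, the hidden-layer size of 4 and the two learning rates compared are assumptions chosen for the demonstration.

```python
"""One-hidden-layer perceptron trained by backpropagation (Section 2.5).

Added example, not code from the thesis: log-sigmoid units, the
sum-of-squared-errors cost of 2.5.2.1, plain gradient descent with
learning rate `lr` (the thesis's "a"), small random initial weights
(2.5.3.1) and a hidden-layer size picked by experiment (2.5.3.3).
The XOR training set below is constructed for the demonstration.
"""
import math
import random


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


class MLP:
    def __init__(self, n_in, n_hidden, n_out, seed=0):
        rng = random.Random(seed)
        # One extra weight per unit is the bias, fed by a constant input of 1.
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(n_hidden)]
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden + 1)] for _ in range(n_out)]

    def forward(self, x):
        h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0]))) for row in self.w1]
        o = [sigmoid(sum(w * v for w, v in zip(row, h + [1.0]))) for row in self.w2]
        return h, o

    def predict(self, x):
        return self.forward(x)[1]

    def gradients(self, x, t):
        """dE/dw for one pattern, with E = 1/2 * sum_k (t_k - o_k)^2."""
        h, o = self.forward(x)
        # Output-layer sensitivities: (o - t) * sigmoid'(net), where sigmoid' = o(1 - o).
        d_out = [(ok - tk) * ok * (1.0 - ok) for ok, tk in zip(o, t)]
        # Propagate them back through w2 (bias column excluded) to the hidden layer.
        d_hid = [hj * (1.0 - hj) * sum(d_out[k] * self.w2[k][j] for k in range(len(o)))
                 for j, hj in enumerate(h)]
        xb, hb = x + [1.0], h + [1.0]
        g2 = [[dk * hj for hj in hb] for dk in d_out]
        g1 = [[dj * xi for xi in xb] for dj in d_hid]
        return g1, g2

    def train_step(self, x, t, lr):
        g1, g2 = self.gradients(x, t)
        self.w1 = [[w - lr * g for w, g in zip(row, grow)] for row, grow in zip(self.w1, g1)]
        self.w2 = [[w - lr * g for w, g in zip(row, grow)] for row, grow in zip(self.w2, g2)]


def sample_loss(net, x, t):
    return 0.5 * sum((tk - ok) ** 2 for ok, tk in zip(net.predict(x), t))


def total_loss(net, data):
    return sum(sample_loss(net, x, t) for x, t in data)


def train(data, n_hidden, lr, epochs, seed=0):
    """Pattern-by-pattern gradient descent; returns the net and the loss after each epoch."""
    net = MLP(len(data[0][0]), n_hidden, len(data[0][1]), seed)
    history = [total_loss(net, data)]
    for _ in range(epochs):
        for x, t in data:
            net.train_step(x, t, lr)
        history.append(total_loss(net, data))
    return net, history


def accuracy(net, data):
    hits = sum((net.predict(x)[0] > 0.5) == (t[0] > 0.5) for x, t in data)
    return hits / len(data)


# Constructed XOR patterns: not linearly separable, so a hidden layer is required.
XOR = [([0.0, 0.0], [0.0]), ([0.0, 1.0], [1.0]), ([1.0, 0.0], [1.0]), ([1.0, 1.0], [0.0])]

if __name__ == "__main__":
    # Same epochs, two learning rates: the tiny one (the thesis's 1e-5) barely moves the weights.
    for lr in (1e-5, 0.5):
        net, hist = train(XOR, n_hidden=4, lr=lr, epochs=5000)
        print(f"lr={lr:g}: SSE {hist[0]:.4f} -> {hist[-1]:.4f}, accuracy {accuracy(net, XOR):.2f}")
```

`gradients` is kept separate from `train_step` so the analytic derivatives can be checked against a finite difference of `sample_loss`, which is the first thing to do when a hand-written backpropagation refuses to converge. The `history` list is what the experimental procedure of 2.5.3.3 looks at: grow the hidden layer until the curve reaches a solution, then shrink it until it just still does.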
CHAPTER III: APPLYING NEURAL NETWORKS TO INTRUSION DETECTION
3.1 Applicability of neural networks to intrusion detection
According to reference [14], the authors propose a method for detecting intrusions into computer networks based on an artificial neural network that decides whether data arriving at the network is normal or an attack. The neural-network approach for this purpose has two phases: training and testing. In the training phase the network is trained to capture the relationship between inputs and outputs. After training, the network is tested on a test set it has not been trained on. Once trained and tested, the network can be used to detect intrusions under operating conditions that differ from those modelled. Figure 3.1 shows the issues to be resolved when developing an ANN model for an IDS.
Figure 3.1 Development model of a neural network for IDS
3.1.1 Introduction to the KDD99 dataset
The DARPA dataset was created when the Defense Advanced Research Projects Agency of the US Department of Defense funded a project to build an intrusion database at MIT Lincoln Laboratory [16]. DARPA data is stored as tcpdump captures, so using it for analysis requires preprocessing: defining events, selecting event features, then extracting the features and storing the events as vectors. Different preprocessing methods therefore yield different event definitions or different features, which makes comparing and analysing intrusion data difficult. For this reason, with DARPA funding, the 1999 Knowledge Discovery and Data Mining conference (KDD99) processed part of the tcpdump data of the DARPA dataset into the KDD99 dataset [17]. According to the survey in [5], the dataset most commonly used in experiments is KDD99. KDD99 defines events on the basis of TCP/IP connections: each event comprises the network activity generated by one host connecting to another, together with the activity inside the connected host for the duration of the connection.
3.1.2 Analysis of the KDD99 dataset
The KDD99 dataset has nearly 5 million records, each with 41 attributes
[9] and labelled as normal or as one specific attack type. The 41 attributes fall into four parts: part one (attributes 1 to 9) are the basic attributes of the TCP/IP connection; part two (attributes 10 to 22) are host (content) attributes; part three (attributes 23 to 31) are traffic attributes computed over a two-second time window; part four (attributes 32 to 41) are host-based traffic attributes computed over a longer window. The KDD99 dataset contains four classes of attack data, DoS, Probe, U2R and R2L, plus a Normal group of benign data. KDD99 is divided into a training set and a test set; the class distribution of the training set is given in the following table:
Table 3.1 Class distribution of the training set
Class      Count      Percentage (%)
U2R           52           0.001
R2L        1,126           0.023
Probe     41,102           0.839
Normal   972,781          19.859
DoS    3,883,370          79.278
(The Probe count is 41,102; the percentages only sum to 100 with that value.)
The training set contains 22 attack techniques, and 14 further techniques appear only in the test set. The attack techniques are classified as follows:
Table 3.2 Classification of attack techniques
Attack class   Attack techniques
DoS            Back, Land, Neptune, Pod, Smurf, Teardrop
Probe          Ipsweep, Nmap, Portsweep, Satan
U2R            Buffer_overflow, Loadmodule, Perl, Rootkit
R2L            Ftp_write, Guess_passwd, Imap, Multihop, Phf, Spy, Warezclient, Warezmaster
3.2 Installing and running a simulation program that demonstrates the applicability of neural networks to intrusion detection
3.2.1 Simulation tools
The simulation needs the following tools:
- A desktop or laptop computer able to run the simulation tools
- Visual Studio Code
- Anaconda
- Robo 3T
- The Python programming language
- The MongoDB database
- The scikit-learn library
3.2.2 The simulation program
- Structure and parameters of the artificial neural network: the network is a feedforward multilayer Perceptron trained by backpropagation, with 10 neurons in the hidden layer, learning rate a = 10^-5 and the positive linear (rectified linear, "relu") activation function; the arrangement of the layers, inputs and outputs is taken from the scikit-learn module installed in Anaconda.
- The simulation proceeds in the following steps:
+ Step 1: In a cmd window, start the MongoDB database with the command "C:\Program Files\MongoDB\Server\4.0\bin\mongod.exe" --dbpath "E:\phan mem an\MongoDB\Server\4.0\data"
Figure 3.2 Starting the MongoDB database
+ Step 2: In Robo 3T choose Connect to connect the program to the MongoDB database.
Figure 3.3 Connecting to the MongoDB database
+ Step 3: In Visual Studio Code choose File > Open Folder and open the folder containing the data and the simulation program.
Figure 3.4 Choosing the folder containing the data and program
Visual Studio Code then recommends installing the Python extension; choose Install in the notification at the bottom right.
Figure 3.5 Visual Studio Code prompting to install the Python extension
Figure 3.6 The Python extension (Microsoft, version 2018.6.0) installed
Once the tools are installed, the program that classifies data with the MLP network is run: the MLP is trained on the file kddcup.data_10_percent.txt (shown in the screenshot as kddcup.data_10_percent_corrected) and its classification ability is tested on the file corrected.txt. Each line of these files is one connection record: 41 comma-separated attributes followed by the label, for example 0,tcp,http,SF,181,5450,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,8,0.00,0.00,0.00,0.00,1.00,0.00,0.00,9,9,1.00,0.00,0.11,0.00,0.00,0.00,0.00,0.00,normal.
Figure 3.7 Training data
Figure 3.8 Test data
To train on and classify the data above, the following steps are performed:
+ Step 4: In the TERMINAL window run the commands cd, cd KDD99, cd MLP in that order to reach the MLP folder, which contains the files to be run.
Figure 3.9 Navigating to the MLP folder (PowerShell prompt E:\phan mem an\New folder\KDD99)
+ Step 5: Run python MLP_Runner.py to produce the final result.
Figure 3.10 Running the file MLP_Runner.py
The final result is the file trained_text.txt in the output folder, as shown below:
Figure 3.11 Location of trained_text.txt (project tree: KDD99/data, KDD99/MLP/output/MLP.pkl, trained_text.txt, __init__.py, MLP_Predictor.py, MLP_Runner.py)
The data in trained_text.txt is the classification of the test data in corrected.txt: each test record (attributes in the program's own field order) with its predicted class appended; the visible rows are ICMP ecr_i records classified as dos.
Figure 3.12 Data in trained_text.txt
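The record format of Section 3.1.2 and the train-then-test protocol of Section 3.2.2 are shown together below. This is an added example, not the thesis's program: the column names are the published KDD99 attribute list (an assumption, since the thesis only numbers the attributes), the sample records are constructed in the kddcup line format rather than taken from kddcup.data_10_percent or corrected.txt, and the classifier is a nearest-centroid rule swapped in for the scikit-learn MLP so that the file runs with the standard library alone. It parses 42-field lines, splits the attributes into the four groups, maps the 22 training attack names of Table 3.2 onto the five classes, encodes the three symbolic attributes, computes a Table 3.1-style distribution, and writes output lines in the style of trained_text.txt.

```python
"""KDD99 record handling with the train-then-test protocol of Chapter III.

Added example, not the thesis's program. Column names are the published
KDD99 list (assumption); the sample records are constructed, not rows of
kddcup.data_10_percent or corrected.txt; the classifier is a nearest-
centroid rule swapped in for the scikit-learn MLP so the file runs alone.
"""
from collections import Counter

COLUMNS = (
    "duration protocol_type service flag src_bytes dst_bytes land wrong_fragment urgent "
    "hot num_failed_logins logged_in num_compromised root_shell su_attempted num_root "
    "num_file_creations num_shells num_access_files num_outbound_cmds is_host_login is_guest_login "
    "count srv_count serror_rate srv_serror_rate rerror_rate srv_rerror_rate same_srv_rate "
    "diff_srv_rate srv_diff_host_rate dst_host_count dst_host_srv_count dst_host_same_srv_rate "
    "dst_host_diff_srv_rate dst_host_same_src_port_rate dst_host_srv_diff_host_rate "
    "dst_host_serror_rate dst_host_srv_serror_rate dst_host_rerror_rate dst_host_srv_rerror_rate"
).split()
SYMBOLIC = ("protocol_type", "service", "flag")
NUMERIC = [c for c in COLUMNS if c not in SYMBOLIC]

# The four attribute groups of Section 3.1.2 (1-based ranges 1-9, 10-22, 23-31, 32-41).
FEATURE_GROUPS = {"basic": COLUMNS[0:9], "content": COLUMNS[9:22],
                  "traffic_2s": COLUMNS[22:31], "host_traffic": COLUMNS[31:41]}

# Table 3.2: the 22 training-set attack names and their classes.
ATTACK_CLASS = {
    "dos": "back land neptune pod smurf teardrop",
    "probe": "ipsweep nmap portsweep satan",
    "u2r": "buffer_overflow loadmodule perl rootkit",
    "r2l": "ftp_write guess_passwd imap multihop phf spy warezclient warezmaster",
}
LABEL_TO_CLASS = {"normal": "normal"}
for cls, names in ATTACK_CLASS.items():
    LABEL_TO_CLASS.update((n, cls) for n in names.split())


def attack_class(label):
    # corrected.txt carries attack names absent from training; keep those visible as "unknown".
    return LABEL_TO_CLASS.get(label, "unknown")


def make_line(label, **values):
    """Build one 42-field KDD99 line (41 attributes + label) from column overrides."""
    row = dict.fromkeys(COLUMNS, "0")
    row.update(protocol_type="tcp", service="http", flag="SF")
    for name, v in values.items():
        if name not in row:
            raise KeyError(name)
        row[name] = str(v)
    return ",".join(row[c] for c in COLUMNS) + "," + label + "."


def parse_line(line):
    fields = line.strip().split(",")
    if len(fields) != 42:
        raise ValueError("expected 41 attributes plus a label, got %d fields" % len(fields))
    rec = dict(zip(COLUMNS, fields[:41]))
    for c in NUMERIC:
        rec[c] = float(rec[c])
    return rec, fields[41].rstrip(".")


def class_distribution(labels):
    """Counts and percentages per class, as in Table 3.1."""
    counts = Counter(attack_class(l) for l in labels)
    return {c: (n, 100.0 * n / len(labels)) for c, n in counts.items()}


class Encoder:
    """Min-max scale numeric columns and one-hot the symbolic ones; fitted on training data only."""
    def __init__(self, records):
        self.vocab = {s: sorted({r[s] for r in records}) for s in SYMBOLIC}
        self.lo = {c: min(r[c] for r in records) for c in NUMERIC}
        self.hi = {c: max(r[c] for r in records) for c in NUMERIC}

    def transform(self, r):
        vec = [(r[c] - self.lo[c]) / (self.hi[c] - self.lo[c]) if self.hi[c] > self.lo[c] else 0.0
               for c in NUMERIC]
        for s in SYMBOLIC:  # a value unseen in training encodes as all zeros
            vec.extend(1.0 if r[s] == v else 0.0 for v in self.vocab[s])
        return vec


class NearestCentroid:
    def fit(self, vectors, classes):
        sums, counts = {}, Counter()
        for v, c in zip(vectors, classes):
            acc = sums.setdefault(c, [0.0] * len(v))
            for i, x in enumerate(v):
                acc[i] += x
            counts[c] += 1
        self.centroids = {c: [x / counts[c] for x in acc] for c, acc in sums.items()}
        return self

    def predict(self, v):
        return min(self.centroids, key=lambda c: sum((a - b) ** 2 for a, b in zip(v, self.centroids[c])))


def run(train_lines, test_lines):
    """Training phase on train_lines, test phase on test_lines; returns (label, predicted class, output line)."""
    train = [parse_line(l) for l in train_lines]
    enc = Encoder([r for r, _ in train])
    clf = NearestCentroid().fit([enc.transform(r) for r, _ in train], [attack_class(l) for _, l in train])
    results = []
    for line in test_lines:
        rec, label = parse_line(line)
        pred = clf.predict(enc.transform(rec))
        results.append((label, pred, ",".join(line.split(",")[:41]) + "," + pred))
    return results


# Constructed records modelled on the kddcup line format (not real dataset rows).
HTTP = dict(logged_in=1, same_srv_rate=1.0, dst_host_same_srv_rate=1.0)
SMURF = dict(protocol_type="icmp", service="ecr_i", src_bytes=1032, same_srv_rate=1.0, dst_host_count=255,
             dst_host_srv_count=255, dst_host_same_srv_rate=1.0, dst_host_same_src_port_rate=1.0)
NEPTUNE = dict(service="private", flag="S0", serror_rate=1.0, srv_serror_rate=1.0, same_srv_rate=0.05,
               diff_srv_rate=0.07, dst_host_count=255, dst_host_same_srv_rate=0.02, dst_host_diff_srv_rate=0.07,
               dst_host_serror_rate=1.0, dst_host_srv_serror_rate=1.0)
IPSWEEP = dict(protocol_type="icmp", service="eco_i", src_bytes=8, count=1, same_srv_rate=1.0,
               srv_diff_host_rate=1.0, dst_host_count=1, dst_host_same_srv_rate=1.0, dst_host_srv_diff_host_rate=1.0)
TRAIN_LINES = [
    make_line("normal", src_bytes=181, dst_bytes=5450, count=8, srv_count=8, dst_host_count=9, dst_host_srv_count=9, dst_host_same_src_port_rate=0.11, **HTTP),
    make_line("normal", src_bytes=239, dst_bytes=486, count=5, srv_count=5, dst_host_count=19, dst_host_srv_count=19, dst_host_same_src_port_rate=0.05, **HTTP),
    make_line("smurf", count=511, srv_count=511, **SMURF),
    make_line("smurf", count=510, srv_count=510, **SMURF),
    make_line("neptune", count=123, srv_count=6, dst_host_srv_count=6, **NEPTUNE),
    make_line("ipsweep", srv_count=30, dst_host_srv_count=40, **IPSWEEP),
]
TEST_LINES = [
    make_line("normal", src_bytes=200, dst_bytes=3000, count=6, srv_count=6, dst_host_count=12, dst_host_srv_count=12, dst_host_same_src_port_rate=0.08, **HTTP),
    make_line("smurf", count=508, srv_count=508, **SMURF),
    make_line("ipsweep", srv_count=25, dst_host_srv_count=35, **IPSWEEP),
    make_line("neptune", count=100, srv_count=5, dst_host_srv_count=5, **NEPTUNE),
]

if __name__ == "__main__":
    print(class_distribution([parse_line(l)[1] for l in TRAIN_LINES]))
    for label, pred, out in run(TRAIN_LINES, TEST_LINES):
        print(f"{label:>8} -> {pred:7} {out[:60]}...")
```

Two details matter for a real run. The encoder is fitted on the training file only, so a service or flag value that first appears in corrected.txt encodes as all zeros instead of raising; and `attack_class` returns "unknown" for the attack names that exist only in the test set, so the evaluation can separate "wrong class" from "class never seen in training". Swapping `NearestCentroid` for a scikit-learn `MLPClassifier` leaves the rest of the pipeline unchanged.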
,0,1.0,0,0.0,0.0,0,0,ecr_i,0.0,0,0,0.0,0.0,0.0,0,255,0,0,0.0,0.0,1.0,0,SF,0,255,0,icmp,510,0,1.0,0,0.0,0.0,0,0,0.0,dos0,1032,510,0,0.0,0,1.0,0,0.0,0.0,0,0,ecr_i,0.0,0, ■ o ã o * â ft X ôi " «1 ■ A ills ™ Hình 3.12 liệu trained_text.txt Kết thúc q trình mơ ta thấy được, từ liệu đầu vào mạng neural phân loại liệu tập thử nghiệm KDD99, từ phát liệu có phải cơng hay khơng 3.3 Kết luận chương III Chương III tìm hiểu tính ứng dụng mạng neural phát 59 xâm nhập trái phép tập liệu KDD99 dùng để huấn luyện Trình bày cơng cụ cần thiết để mơ chương trình, bước cài đặt sở liệu cài đặt chương trình Kết chương trình thể khả học phân loại mẫu mạng neural KẾT LUẬN • - Một số nội dung mà đồ án tìm hiểu sau: + Tìm hiểu nguy an tồn thơng tin mạng máy tính, số công giải pháp tăng cường bảo vệ cho mạng máy tính Giới thiệu hệ thống phát xâm nhập (IDS), chức năng, cấu trúc IDS kỹ thuật phát xâm nhập trái phép + Tìm hiểu kiến trúc, luật học, hoạt động ứng mạng neural nhân tạo Giới thiệu thuật toán kiến trúc mạng neural thường sử dụng tốn + Tìm hiểu tính ứng dụng mạng neural phát xâm nhập trái phép, cài đặt, khai thác chương trình mơ phân lớp liệu mạng neural qua tập liệu KDD99, mà từ việc phân loại mạng neural phát liệu đầu có thuộc cơng khơng Chương trình cho thấy tính khả thi việc ứng dụng mạng neural phát xâm nhập trái phép - Hạn chế: Thời gian nghiên cứu kiến thức hạn chế nên nội dung đồ án cịn nhiều thiếu sót, phần mô chưa thể ứng dụng mạng neural thực tế để phát xâm nhập trái phép - Hướng phát triển đề tài: Xây dựng hệ thống sử dụng mạng neural để phát xâm nhập trái phép TÀI LIỆU THAM KHẢO • [1] Nguyễn Đức Hiển (2012), Máy vector hỗ trợ đa lớp ứng dụng phát công mạng, Học viện cơng nghệ bưu viễn thơng [2] Nguyễn Thị Hiền (2017), Đánh giá hiệu số thuật toán phân lớp cho phát xâm nhập, Học viện cơng nghệ bưu viễn thơng [3] Trần Thị Hương (2016), Đánh giá hiệu số thuật toán phát xâm nhập mạng, Trường đại học khoa học tự nhiên [4] Abdulkader A Alfantookh (2006), DoS Attacks Intelligent 
Detection using Neural Networks, Department of Computer Science, College of Computer & Information Sciences King Saud University [5] Aburomma A A., Reaz M B I., Evolution of Intrusion Detection Systems Based on Machine Learning Methods, Australian Journal of Basic and Applied Sciences [6] B.Santos Kumar, T.Chandra Sekhara Phani Raju, M.Ratnakar, Sk.Dawood Baba, N.Sudhakar (2013), Intrusion Detection SystemTypes and Prevention, Wellfare Institute of Science, Technology & Management Dept of CSE Vishakhapatnam, A.P [7] Barlow, HB (1989), Unsupervised learning, Neural Computation [8] E.Kesavulu Reddy, Member IAENG (2013), Neural Networks for Intrusion Detection and Its Applications, Proceedings of the World Congress on Engineering [9] H Gunes Kayacik, A Nur Zincir-Heywood, Malcolm I Heywood, Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets, Dalhousie University, Faculty of Computer Science, 6050 University Avenue, Halifax, Nova Scotia [10] Kendar Pratap, Shelja (2013), Artificial neural net-work (ann) inspired from biological nervous system, Lecturer, Govt National P.G.College, Sirsa, Haryana (INDIA) [11] Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A Ghorbani (2009), A Detailed Analysis of the KDD CUP 99 Data Set, CISDA [12] Manh C Phan, Mark H Beale and Martin T Hagan (2013), A Procedure for Training Recurrent Networks, Proceedings of International Joint Conference on Neural Networks, Dallas, Texas, USA [13] Martin T Hagan, Howard B Demuth, Mark Hudson Beale, Neural network design 2nd edtion, Oklahoma State University [14] Poojitha.G, Naveen Kumar.K, JayaramiReddy.P (2010), Intrusion Detection Using Artificial Neural Network, Sri Venkateswra Institute of Science and Technology, tadigotla (vi & post) kadapa-516003, A.P.India [15] Salvatore J Stolfo, Wei Fan, Wenke Lee, Andreas Prodromidis (1999), Cost-based Modeling and Evaluationfor Data Mining With Applicationto Fraud and Intrusion Detection: 
Results from the JAM Project, Computer Science Department Columbia University 500 West 120th Street, New York [16] https: //www.ll mit.edu/ideval/data/ [17] http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html [18] https://securitydaily.net/network-hieu-ve-he-thong-phat-hien-xamnhap-ids/
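The classification step described at the end of Chapter III (a neural network deciding whether a KDD99 record is an attack), as an added example that is not the thesis's own simulation program: it parses records in the public 41-feature KDD Cup 99 CSV layout, one-hot encodes the three symbolic fields (protocol_type, service, flag), log-scales the numeric ones, and trains a one-hidden-layer perceptron by backpropagation on the sum-of-squares error, the learning rule of Chapter II. The training records, the helper names (kdd_line, Encoder, MLP, train_detector, classify), the network size and the learning rate are all constructed for this example; the thesis's trained_text.txt (Figure 3.12) has its own layout and coarse labels such as dos, so the column positions below follow the public KDD99 format instead.

```python
"""KDD99-style attack/normal classifier: CSV parsing, feature encoding and a
one-hidden-layer perceptron trained by backpropagation (added example)."""
import math
import random

NUM_FIELDS = 42          # KDD Cup 99: 41 features followed by the class label
SYMBOLIC = (1, 2, 3)     # protocol_type, service, flag
LABEL = 41

def kdd_line(proto, service, flag, src_bytes, dst_bytes, count, srv_count,
             same_srv_rate, label):
    """Build a constructed 42-field KDD99 CSV line; columns not listed are 0."""
    f = ["0"] * NUM_FIELDS
    f[1], f[2], f[3] = proto, service, flag
    f[4], f[5] = str(src_bytes), str(dst_bytes)      # src_bytes, dst_bytes
    f[22], f[23] = str(count), str(srv_count)         # count, srv_count
    f[28] = "%.2f" % same_srv_rate                    # same_srv_rate
    f[LABEL] = label
    return ",".join(f)

# Constructed training records; values resemble, but are not copied from, KDD99.
TRAIN_LINES = [
    kdd_line("tcp", "http", "SF", 215, 45076, 1, 1, 1.0, "normal."),
    kdd_line("tcp", "http", "SF", 162, 4528, 2, 2, 1.0, "normal."),
    kdd_line("udp", "domain_u", "SF", 46, 46, 12, 12, 1.0, "normal."),
    kdd_line("tcp", "smtp", "SF", 1169, 329, 1, 1, 1.0, "normal."),
    kdd_line("icmp", "ecr_i", "SF", 1032, 0, 511, 511, 1.0, "smurf."),
    kdd_line("icmp", "ecr_i", "SF", 520, 0, 511, 511, 1.0, "smurf."),
    kdd_line("tcp", "private", "S0", 0, 0, 229, 10, 0.04, "neptune."),
    kdd_line("tcp", "private", "REJ", 0, 0, 255, 1, 0.0, "neptune."),
    kdd_line("tcp", "http", "SF", 54540, 8314, 1, 1, 1.0, "back."),
]

def parse_record(line):
    """Split one CSV record into (numeric features, symbolic values, label)."""
    f = line.strip().split(",")
    if len(f) != NUM_FIELDS:
        raise ValueError("expected %d fields, got %d" % (NUM_FIELDS, len(f)))
    numeric = [float(v) for i, v in enumerate(f[:LABEL]) if i not in SYMBOLIC]
    return numeric, tuple(f[i] for i in SYMBOLIC), f[LABEL]

class Encoder:
    """One-hot vocabularies and log scales fitted on the training records."""
    def fit(self, records):
        self.vocab = [sorted({r[1][k] for r in records}) for k in range(3)]
        cols = list(zip(*[r[0] for r in records]))
        self.keep = [i for i, c in enumerate(cols) if max(c) > 0]  # drop all-zero columns
        self.scale = [max(math.log1p(v) for v in cols[i]) for i in self.keep]
        return self

    def transform(self, numeric, symbolic):
        x = [math.log1p(numeric[i]) / s for i, s in zip(self.keep, self.scale)]
        for k, vocab in enumerate(self.vocab):
            # a value unseen in training becomes an all-zero one-hot group
            x.extend(1.0 if symbolic[k] == w else 0.0 for w in vocab)
        return x

def sigmoid(z):
    z = max(-500.0, min(500.0, z))      # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))

class MLP:
    """Input -> sigmoid hidden layer -> sigmoid output, trained by backprop."""
    def __init__(self, n_in, n_hidden=8, seed=1):
        rnd = random.Random(seed)
        self.w1 = [[rnd.uniform(-0.5, 0.5) for _ in range(n_in + 1)]
                   for _ in range(n_hidden)]           # last weight is the bias
        self.w2 = [rnd.uniform(-0.5, 0.5) for _ in range(n_hidden + 1)]

    def forward(self, x):
        xb = x + [1.0]
        hb = [sigmoid(sum(w * v for w, v in zip(row, xb))) for row in self.w1] + [1.0]
        return xb, hb, sigmoid(sum(w * v for w, v in zip(self.w2, hb)))

    def train(self, xs, ts, epochs=3000, lr=0.5):
        for _ in range(epochs):
            for x, t in zip(xs, ts):
                xb, hb, y = self.forward(x)
                d_out = (y - t) * y * (1.0 - y)        # gradient of 1/2 (y - t)^2 at the output net
                d_hid = [d_out * self.w2[j] * hb[j] * (1.0 - hb[j])
                         for j in range(len(self.w1))]
                for j in range(len(self.w2)):
                    self.w2[j] -= lr * d_out * hb[j]
                for j, row in enumerate(self.w1):
                    for i in range(len(row)):
                        row[i] -= lr * d_hid[j] * xb[i]
        return self

def train_detector(lines):
    """Fit the encoder and the network; every label other than "normal." is an attack."""
    records = [parse_record(l) for l in lines]
    enc = Encoder().fit(records)
    xs = [enc.transform(n, s) for n, s, _ in records]
    ts = [0.0 if lbl == "normal." else 1.0 for _, _, lbl in records]
    return enc, MLP(len(xs[0])).train(xs, ts)

def classify(enc, net, line):
    """Return "attack" or "normal" for one record (its label column is ignored)."""
    numeric, symbolic, _ = parse_record(line)
    return "attack" if net.forward(enc.transform(numeric, symbolic))[2] >= 0.5 else "normal"

if __name__ == "__main__":
    enc, net = train_detector(TRAIN_LINES)
    for line in TRAIN_LINES:
        print(line.split(",")[LABEL], "->", classify(enc, net, line))
```

train_detector(TRAIN_LINES) fits the encoder and the network, and classify then labels any 42-field record. A symbolic value never seen during training (a new service name, say) encodes as an all-zero one-hot group instead of raising, which matters for KDD99 because the test set contains services and attack types absent from the training set; such records are then judged by their numeric features alone, so in a real deployment the vocabularies should be built from the full KDD99 service, protocol and flag lists rather than from whatever happens to be in the training sample.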