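Intrusion detection is a network security technique that monitors network traffic in real time and, when suspicious behavior is found, raises an alert or takes active response measures to reduce or avoid damage to the system. Depending on the monitoring method, intrusion detection techniques fall into two classes: anomaly detection and misuse detection. Anomaly detection first builds a profile of "normal" behavior for users or network traffic, then compares passing packets against it; anything that exceeds the threshold for normal behavior is treated as anomalous. In recent years, anomaly detection has often used machine learning theory as the mechanism for learning that "normal" behavior. In this thesis we use a widely applied learning technique, the support vector machine (SVM), as the learning technique for our anomaly detection simulation experiments, and as the SVM tool we chose LibSVM, developed by Professor Chih-Jen Lin of National Taiwan University. A considerable amount of research worldwide in this area uses support vector machines combined with additional algorithms, such as genetic algorithms or neural networks, or with additional kernel functions, to reach a high detection rate. In this thesis, however, good detection rates and low false positive rates are achieved without such outside help, which also reduces the extra computation required.

Intrusion detection is the means of identifying intrusive behavior and providing useful information so that intruded systems can respond quickly and avoid or reduce damage. In recent years, machine learning technology has often been used as a detection method in anomaly detection. In this thesis, we use the support vector machine as a learning method for anomaly detection, and use LibSVM as the support vector machine tool. By using this tool, we avoid numerous complex operations and do not have to use external tools for finding parameters, as is needed when using other algorithms such as the genetic algorithm. Experimental results show that our proposed approach achieves high average detection rates and low average false positive rates in anomaly detection.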