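The spread of the Internet and the easy availability of network attack tools have made network security issues increasingly prominent, and network security incidents increasingly affect users' network activities and enterprise operations. Effectively detecting network intrusion packets, lowering the misclassification rate of the intrusion detection system (IDS), and taking appropriate protective measures are urgent and necessary tasks for enterprises and network administrators. This study uses the network intrusion packet data of the KDD CUP’99 database, tunes the common KNN, BPN, and GRI algorithms, builds training models, and seeks a better intrusion detection configuration. The results show that a tuned configuration built with a single algorithm reaches a maximum accuracy of 98.77% and a minimum misclassification rate of 0.3484%. Running the three tuned algorithms in parallel raises accuracy to 99.68%, while running the three algorithms in series lowers the misclassification rate to 0.03318%. The results also show that the models built by the algorithms do not noticeably consume computer resources: the Max of CPU Load Average is 21% and the Max of Average Memory Usage is 26%.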
Due to the popularization of the Internet and easy access to network attack tools, network security issues have become apparent. Network security incidents affect network users’ activities and enterprise operations. Effectively detecting intrusion packets, reducing false negatives, and engaging appropriate countermeasures are urgent and essential tasks for enterprises and network administrators.
This research evaluates network intrusion packet data from the KDD CUP’99 database, tunes the common algorithms KNN, BPN, and GRI to construct training models, and seeks a better configuration for intrusion detection.
The results show that a tuned configuration using a single algorithm can reach a maximum accuracy of 98.77% with a minimum false negative ratio of 0.3484%. A tuned configuration conjoining three algorithms can reach 98.68% accuracy. The minimum false negative ratio of a tuned configuration disjoining three algorithms can be reduced to 0.03318%. The results also show that the constructed models have no apparent effect on computer performance. The Max of CPU Load Average is 21%, and the Max of Average Memory Usage is 26%.