11 |
Detection of Denial-of-Service Attacks
Γαβρίλης, Δημήτρης 15 February 2008
The dissertation analyzes 3 categories of denial-of-service attacks. The first category concerns SYN Flood attacks, a low-level attack which is the most common. For the detection of this type of attack, 9 features were proposed, which acted as inputs for the following classifiers: a radial basis function neural network, a k-nearest neighbor classifier and an evolutionary neural network.
A crucial part of the proposed system is the set of parameters that act as inputs for the classifiers. For the selection and construction of those features, a new method was proposed that automatically selects and constructs new feature sets from a predefined set of primitive characteristics. This new method uses a genetic algorithm and a context-free grammar in order to find the optimal feature set. In the second category, denial-of-service attacks on the World Wide Web service were studied. For the detection of those attacks, the use of decoy hyperlinks was proposed. Decoy hyperlinks are hyperlinks that contain no semantic information and are thus invisible to normal users but visible to the programs that perform the attacks. The decoys act like mines in a minefield and are placed optimally on the web site so that the detection probability is maximized. In the last type of attack, the email spam problem, a new method was proposed for the construction of a very small number of features, which are used to feed a neural network that is used for the first time to detect such attacks.
|
12 |
kNN Method Variations and its applications in Text Classification
SANTOS, Fernando Chagas 10 October 2010
Made available in DSpace on 2014-07-29T14:57:46Z (GMT).
Previous issue date: 2010-10-10

Most research on automatic text categorization (ATC) seeks to improve the performance (effectiveness or efficiency) of the classifier responsible for automatically classifying a document d that has not yet been classified. The k nearest neighbors (kNN) method is one of the simplest and most effective automatic classification methods proposed to date. In this work we propose two variations of kNN, Inverse kNN (kINN) and Symmetric kNN (kSNN), with the aim of improving the effectiveness of ATC. The kNN, kINN and kSNN methods were applied to the Reuters, 20NG and Ohsumed collections, and the results showed that kINN and kSNN were more effective than kNN on the Reuters and Ohsumed collections and as effective as kNN on the 20NG collection. In addition, the performance achieved by kNN is more stable than that of kINN and kSNN when the value of k changes. A parallel study was conducted to generate new features for documents from the similarity matrices resulting from the selection criteria for the best results obtained with the kNN, kINN and kSNN methods. SVM, considered a state-of-the-art method with respect to effectiveness, was applied to the Reuters, 20NG and Ohsumed collections before and after applying this feature-generation approach to the documents, and the results showed statistically significant gains relative to the original collection.
|