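Network architectures are growing ever more complex, and with the rapid development of the Internet and the high volume of network activity, malicious packets hidden in network traffic pose a serious threat to network security. Data mining is currently a very popular topic: it can extract useful knowledge from log files, analyze the differences between normal and abnormal network usage, and dynamically update defense mechanisms. Neural networks and decision trees are among the techniques that have been adopted, yet no existing research combines the two for packet identification. This study aims to combine the strong learning ability of neural networks with the rule-induction capability of decision trees to identify attack behavior in packets. The experiments compare the false positive rate and false negative rate for each class of packet in order to evaluate prediction accuracy for each class. The results of the three models in this experiment show that the false positive rates for R2L and Probe are both above 90%, and the false negative rate for R2L is also close to 99%, so the models in this experiment do not identify R2L and Probe attack packets well.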
Network architecture grows more complicated day by day. In addition, with the flourishing development of the Internet and frequent network activity, hostile packets hidden in the network are a serious threat to network security. Data mining is a hot topic today: it can find useful knowledge in logs, analyze the differences between normal and abnormal packets, and update defense mechanisms dynamically. Many studies use neural network and decision tree methodologies for Internet packet analysis, but no research combines these two methodologies for packet identification. This research combines the high learning ability of neural networks with the rule-summarizing characteristic of decision trees and applies them to identifying the attack behavior of packets. We compare the false positive rate and false negative rate for each kind of packet in the experiment to evaluate the prediction accuracy for every kind of attack packet. The results of the three models in our experiment show that the false positive rates for R2L and Probe are over 90% and the false negative rate for R2L is over 99%, so these models are not effective at distinguishing R2L and Probe attacks.