English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 63117/95882 (66%)
造访人次 : 4335655      在线人数 : 226
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/54533


    题名: 協同式動態網路入侵知識擷取系統之研製
    其它题名: Design and Implementation of a Collaborative Dynamic Network Intrusion Knowledge Acquisition Syatem
    作者: 林順傑
    贡献者: 淡江大學資訊工程學系
    关键词: 動態知識擷取;協同式;隱含知識擷取;入侵偵測;電腦蠕蟲;分散式阻絕服務;Dynamic knowledge acquisition;Collaborative;EMCUD;Intrusion detection;Computer worm;Distributed DoS
    日期: 2010
    上传时间: 2011-07-06 11:51:07 (UTC+8)
    摘要: 知識擷取是在建立知識庫系統中的一個主要瓶頸。由於知識爆炸,知識可以被歸納 成靜態表象知識(Static Substantive Knowledge)和動態表象知識(Dynamic Substantive Knowledge)兩大類。目前大多數提出的知識擷取方法,均從專家那邊萃取出靜態知識, 但這些方法因為缺乏足夠的資訊,所以並未討論到如何發覺包括變種知識(Variant Knowledge)和演化性知識(Evolutional Knowledge)等動態知識。因此,如何蒐集到足 夠的資訊,並通知專家有新演化的物件產生,驗證並擴展舊有的知識庫,也逐漸變成一 個重要的議題。大多數知識擷取系統,採取凱利方格(Repertory Grid)技術來分辨並擷 取某領域不同物件的靜態知識。EMCUD(Embedded Meaning Capturing and Uncertainty Deciding)是一種擷取隱含知識的技術協助專家萃取知識的隱含意義並協助專家決定每 一條隱含法則(embedded rule)的信賴程度(certainty factor),用來擴展使用凱利方格方 法產生的原始法則(original rule)。我們的想法是希望可以藉由觀察知識庫各個低信賴 程度的隱含規則被推論的行為,包括頻率以及趨勢變化並藉此用來學習可能的新演化物 件,然後再引導專家根據這些推論行為的趨勢來萃取便是這些物件的動態知識。在這個 研究計畫中,我們將提出一個新的協同式動態知識擷取方法來協助專家察覺到新演化物 件的產生並萃取出這些物件的隱含法則,並分三年逐一完成各個主要元件。在第一年, 我們將設計動態知識擷取元件(Dynamic EMCUD)協助專家收集足夠的推論記錄並設計 網路攻擊知識庫。在隨著時間改變的環境中,可透過觀察頻繁的推論行為和演化行為的 趨勢,讓專家察覺到新演化物件的產生。最後將一個多資料型態知識表格差異檔 (Acquisition Table)和一個屬性序列表格差異檔(Attribute Ordering Table,AOT)個別整 合到一個主要的多資料型態知識表格和主要的屬性序列表格中,並用來調整弱隱含法則 來達到表格演化的能力。第二年我們將持續強化我們的網路攻擊知識庫以及動態知識擷 取元件,並著手設計成協同的動態知識擷取系統與協同式策略來協助第三年進行實際整 合從各個搭載動態知識擷取元件的區域知識庫系統所產生的演化物件的知識。並且協助 專家定義大量的環境資訊來發覺更多其它新的物件知識。我們將提出數個演算法來幫助 專家容易的萃取新物件的隱含法則。此外,我們也將分析電腦蠕蟲和分散式阻斷攻擊並 研製一個網路攻擊模擬環境來評估協同式動態知識擷取系統的效能,結果顯示新的變種 物件可以被快速發覺並可以快速的通知專家,並協助他們利用動態知識擷取元件萃取出 新演化物件的隱含法則。
    Knowledge acquisition is known to be a critical bottleneck of building knowledge based systems. Due to the explosion of knowledge, substantive knowledge can be classified into static substantive knowledge and dynamic substantive knowledge. Many knowledge acquisition methodologies have been proposed to systematically elicit rules of static substantive knowledge from domain experts in the past twenty years. However, none of these methods discusses the issue of discovering dynamic substantive knowledge including variant knowledge and evolutional knowledge due to the lack of sufficient information. Hence, how to collect sufficient information to help experts notice the occurrence of new evolved objects and to reuse and extend the original knowledge base becomes increasingly important in the knowledge acquisition field. Most of the existing systems employ the Repertory-Grid test in eliciting static substantive knowledge to identify different objects and distinguishing these objects in a selected domain. EMCUD (Embedded Meaning Capturing and Uncertainty Deciding), one of a Repertory Grid based knowledge acquisition tools, has been proposed to elicit the embedded meanings of knowledge (embedded rules bearing on objects and object attributes) to classify objects and guide experts to decide the certainty degree of each embedded rule using an attribute ordering table (AOT), which records the relative importance of each attribute to each object, for extending the coverage of original rules. Our idea is to monitor the frequent inference behaviors and the trend of weak embedded rules with lower certainty degree and learn the candidates of new evolved objects and then guide the experts to extract the dynamic knowledge of these objects according the trend of inference behaviors. In this research project, we will propose a new iteratively collaborative dynamic knowledge acquisition method to notify experts to extract the embedded rules of new evolved objects. Each primary component will be scheduled to deliver year by year within the three years project. In the first year, we will design network intrusion knowledge base and the Dynamic EMCUD to collect sufficient inference log and then notify experts the occurrence of evolved objects through observing the frequent inference behaviors and tracing the trend of evolutional behaviors over time in a changing environment. The Dynamic EMCUD can integrate a small acquisition table increment and a small AOT increment into the main acquisition table and the main AOT, respectively, for adapting the weak embedded rules to achieve the ability of grid evolution. In the second year, we will continuously enhance the network intrusion knowledge base and the Dynamic EMCUD component can be easily extended as a collaborative framework to integrate the new knowledge of new evolved objects generated from every local KBSs and help experts easily discover some other new evolved objects in the collaborative KBS with sufficient context. Besides, we will also design a collaborative for the implementation in the third year. Five algorithms are proposed to help expert easily extract the embedded rules of new objects. We will analyze the behaviors of computer worms and distributed DoS attacks and will be used in the attacking simulation environment, which will be delivered in third year, to evaluate the performance of Dynamic EMCUD. The results show that the new variants can be discovered and experts can be easily notified to quickly extract the knowledge of new objects according to the Dynamic EMCUD.
    显示于类别:[資訊工程學系暨研究所] 研究報告

    文件中的档案:

    没有与此文件相关的档案.

    在機構典藏中所有的数据项都受到原著作权保护.

    TAIR相关文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回馈