    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/54533


    Title: 協同式動態網路入侵知識擷取系統之研製
    Other Titles: Design and Implementation of a Collaborative Dynamic Network Intrusion Knowledge Acquisition System
    Authors: 林順傑
    Contributors: Department of Computer Science and Information Engineering, Tamkang University
    Keywords: Dynamic knowledge acquisition; Collaborative; EMCUD; Intrusion detection; Computer worm; Distributed DoS
    Date: 2010
    Issue Date: 2011-07-06 11:51:07 (UTC+8)
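    Abstract: Knowledge acquisition is a major bottleneck in building knowledge-based systems. Owing to the explosion of knowledge, knowledge can be grouped into two categories: static substantive knowledge and dynamic substantive knowledge. Most knowledge acquisition methods proposed so far elicit static knowledge from experts, but because they lack sufficient information they do not address how to discover dynamic knowledge, including variant knowledge and evolutional knowledge. How to collect sufficient information, notify experts that new evolved objects have appeared, and verify and extend the existing knowledge base has therefore gradually become an important issue. Most knowledge acquisition systems adopt the Repertory Grid technique to distinguish and acquire static knowledge about the different objects of a domain. EMCUD (Embedded Meaning Capturing and Uncertainty Deciding) is a technique for acquiring embedded knowledge: it helps experts elicit the embedded meanings of knowledge and decide the certainty factor of each embedded rule, in order to extend the original rules generated by the Repertory Grid method. Our idea is to observe how the low-certainty embedded rules in the knowledge base are inferred, including their frequency and changes in trend, to use this to learn possible new evolved objects, and then to guide experts to elicit the dynamic knowledge of these objects according to the trend of these inference behaviors. In this research project we will propose a new collaborative dynamic knowledge acquisition method that helps experts notice the appearance of new evolved objects and elicit the embedded rules of these objects, and we will complete the main components one by one over three years. In the first year, we will design the dynamic knowledge acquisition component (Dynamic EMCUD) to help experts collect sufficient inference logs, and design the network attack knowledge base. In an environment that changes over time, observing frequent inference behaviors and the trend of evolutional behaviors lets experts notice the appearance of new evolved objects. Finally, an acquisition table increment and an attribute ordering table (AOT) increment are integrated into the main acquisition table and the main attribute ordering table, respectively, and used to adjust weak embedded rules so as to achieve the ability of grid evolution. In the second year we will continue to strengthen our network attack knowledge base and the dynamic knowledge acquisition component, and begin designing a collaborative dynamic knowledge acquisition system and a collaborative strategy to support the third year's actual integration of the knowledge of evolved objects produced by the local knowledge base systems equipped with the dynamic knowledge acquisition component, and to help experts define a large amount of context information in order to discover more knowledge of other new objects. We will propose several algorithms to help experts easily elicit the embedded rules of new objects. In addition, we will analyze computer worms and distributed denial-of-service attacks and build a network attack simulation environment to evaluate the performance of the collaborative dynamic knowledge acquisition system. The results show that new variant objects can be discovered quickly, that experts can be notified quickly, and that they can be helped to use the dynamic knowledge acquisition component to elicit the embedded rules of the new evolved objects.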
    Knowledge acquisition is known to be a critical bottleneck in building knowledge-based systems. Due to the explosion of knowledge, substantive knowledge can be classified into static substantive knowledge and dynamic substantive knowledge. Many knowledge acquisition methodologies have been proposed in the past twenty years to systematically elicit rules of static substantive knowledge from domain experts. However, none of these methods discusses the issue of discovering dynamic substantive knowledge, including variant knowledge and evolutional knowledge, due to the lack of sufficient information. Hence, how to collect sufficient information to help experts notice the occurrence of new evolved objects, and to reuse and extend the original knowledge base, becomes increasingly important in the knowledge acquisition field. Most of the existing systems employ the Repertory Grid test in eliciting static substantive knowledge to identify and distinguish different objects in a selected domain. EMCUD (Embedded Meaning Capturing and Uncertainty Deciding), one of the Repertory Grid based knowledge acquisition tools, has been proposed to elicit the embedded meanings of knowledge (embedded rules bearing on objects and object attributes) to classify objects, and to guide experts in deciding the certainty degree of each embedded rule using an attribute ordering table (AOT), which records the relative importance of each attribute to each object, in order to extend the coverage of the original rules. Our idea is to monitor the frequent inference behaviors and the trend of weak embedded rules with lower certainty degree, learn the candidates for new evolved objects, and then guide the experts to extract the dynamic knowledge of these objects according to the trend of inference behaviors. In this research project, we will propose a new iteratively collaborative dynamic knowledge acquisition method to notify experts to extract the embedded rules of new evolved objects.
Each primary component is scheduled to be delivered year by year within the three-year project. In the first year, we will design the network intrusion knowledge base and the Dynamic EMCUD to collect sufficient inference logs and then notify experts of the occurrence of evolved objects by observing the frequent inference behaviors and tracing the trend of evolutional behaviors over time in a changing environment. The Dynamic EMCUD can integrate a small acquisition table increment and a small AOT increment into the main acquisition table and the main AOT, respectively, to adapt the weak embedded rules and so achieve the ability of grid evolution. In the second year, we will continue to enhance the network intrusion knowledge base, and the Dynamic EMCUD component can be easily extended into a collaborative framework that integrates the new knowledge of new evolved objects generated from every local KBS and helps experts easily discover other new evolved objects in the collaborative KBS with sufficient context. Besides, we will also design a collaborative strategy for the implementation in the third year. Five algorithms are proposed to help experts easily extract the embedded rules of new objects. We will analyze the behaviors of computer worms and distributed DoS attacks, which will be used in the attack simulation environment, to be delivered in the third year, to evaluate the performance of Dynamic EMCUD. The results show that the new variants can be discovered and experts can be easily notified to quickly extract the knowledge of new objects using the Dynamic EMCUD.
    Appears in Collections:[Graduate Institute & Department of Computer Science and Information Engineering] Research Paper
