Study Of Intrusion Detection Model Based On Genetic Algorithm And Neural Network

The problem about computer network security becomes more and more outstanding with the rapidly increasing connectivity and accessibility of the Internet. Network security techniques include router filter, firewalls, intrusion detection(ID), audit, counteroffensive and etc. In these techniques, router filter and firewalls are static security techniques, and others are dynamic security techniques. Static security techniques work on preventing invalid access of system,but they probably bring unknown loss when genuine network attacks occur,especially novel network attacks. Therefore, some active network security defense methods and counterattack methods need to be researched. IDS is a dynamic security technique, and it has become a crucial method in network security. Presently, the false alarm rate of most IDSs is high and their efficiency is low. Aimed at these drawbacks of present IDSs, researches on IDS models and neural network-based intrusion detection are done in this paper. Firstly, arisen background, definition and functions of intrusion detection are introduced in this paper. Some intrusion detection methods, which are often used, are analyzed and compared. The basic principles of neural networks and genetic algorithm are also introduced, and virtues and drawbacks of BP algorithm and simple genetic algorithm are analyzed. It is found out that simple genetic algorithm can be improved by improving its operators. Secondly, in order to improve the efficiency of IDS, neural network and genetic algorithm based IDS model, Evolutionary Neural Network Intrusion Detection System (ENNIDS), has been proposed. The implementation of this model is researched, and the core parts of the model are analyzed and designed. At the same time, function of this model is analyzed in theory. Finally, aimed at the drawbacks of genetic algorithm, such as prematurity, bad local search ability and etc, an improved genetic algorithm (IGA) is proposed. In IGA, the relationship between crossover probability and mutation probability and individual's fitness is adopted, operators of simple genetic algorithms (SGA) are improved, and simulated annealing methods are introduced after crossover to improve enhance the local search ability of genetic algorithm. The neural network trained by IGA is introduced into intrusion detection in order to gain better result. Corresponding experiment results show that when applying in intrusion detection, IGA performs better than SGA and BP on the detection efficiency and false alarm rate. It is an attempts that using the neural network, optimized by genetic algorithm, in the intrusion detection system. It adopts nonlinear model simulating human being instead of rule-based intrusion detection model. Genetic algorithm and neural network based intrusion detection has great meaning both in theory and in practice.