Research Of LS-SVM-based Intrusion Detection Model And Real-Time Testing Platform

Posted on: 2006-07-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Liu
Full Text: PDF
GTID: 2178360185463644
Subject: Computer Science and Technology
Abstract/Summary:
As one of the most important network security technologies, intrusion detection is attracting more and more attention from researchers and government departments. With the continuous development of intrusion detection technology, the precision and efficiency of detection engines become more and more important, especially the trade-off between false positives and false alarms. Data mining is a technology based on machine learning that has arisen in recent years, and it is growing quickly in both algorithms and applications. The use of data mining algorithms is now a new direction in intrusion detection research, widely studied by companies and universities.

The Least Squares Support Vector Machine (LS-SVM) is one of the most important data mining and machine learning methods. It is extended from the well-known SVM learning algorithm and is better in learning speed on scalable data. This thesis mainly researches the application of LS-SVM in intrusion detection. After studying the theoretical background of data mining and SVM, we propose an intrusion detection model based on LS-SVM and carry out many experiments on the DARPA intrusion detection data set. We have also researched the intrusion detection system and platform based on LS-SVM, and developed a real-time intrusion detection system prototype based on LS-SVM. Our work includes:

(1) Proposed an intrusion detection model based on LS-SVM. LS-SVM is a kind of support vector machine. It classifies efficiently and is widely used in machine learning and pattern recognition. Aiming at the high rate of false positives and false alarms, we apply LS-SVM to intrusion detection, expecting higher performance. Experiments on the KDD-Cup 99 data set proved that intrusion detection technology based on LS-SVM is better than traditional SVM in training time and false alarms, and that it works with a small sample size and has fewer false positives than common machine learning methods.

(2) Developed an intrusion detection system prototype based on data mining. In this thesis, we propose the main architecture, component structure and data structure of the prototype. We designed a new dynamic model training and import method, which makes the system self-adaptive. We also developed the packet capture and reconstruction modules and the feature extraction and model matching modules. Related experiments proved that this prototype has good real-time performance.

(3) Designed and developed a real-time intrusion detection system platform. Platform research is an important part of intrusion detection research. At present there are no unified and compatible platforms, so it is hard to compare different kinds of intrusion detection systems and technologies. This thesis analyzes the features of various intrusion detection systems, and designs and develops a fully functional and compatible real-time platform on the basis of the DARPA intrusion detection data set.
Keywords/Search Tags: Intrusion Detection, Data Mining, Machine Learning, LS-SVM, Self-Adaptive