Research On Linux Host Intrusion Detection System Based On AdaBoost

With the outstanding of the importance on the techniques of intrusion detection,and the ever promoting position of Linux operating system, the research on Linux in-trusion detection system is considered surely of great significance. At present, Linuxintrusion detection system is mainly used for the pattern construction based on rule-matching and data integrality, so most of them do not have self-adaptive intelligence,and are also weak at extensibility. Hence, the performance of detection is to be im-proved. In this thesis, a Linux host intrusion detection system is designed, by usinggrid technology, as well as AdaBoost―an ensemble learning algorithm. The main novelcontributions of this thesis are listed as follows:Grid technology was used in the design of Linux host intrusion detection system.In this system, grid environment was build by Globus Toolkit on the data collectionnodes; the Linux host's feature data and the network's feature data correlated to theLinux host were collected on the distributed nodes; the integration and access of thedistributed feature data were realized via grid middleware OGSA-DAI; and the relateddata were send to analysis center as one of grid services. By using grid technology,the problems of traditional LHIDS in load concentration and weak extensibility wereeffciently solved.A reduction algorithm based on AdaBoost is proposed in the paper to reduce theintrusion features redundancy. On the basis of the algorithm, two classifiers: Adaweighted-classifier and Ada threshold-classifier are constructed, and compared withsupport vector machine classifier. The results on the Linux host intrusion detectionsystem experimental platform confirmed the effectiveness of the feature reduction al-gorithm and classification methods.An intelligent hierarchical intrusion detection method based on AdaBoost is pro-posed in the paper. With this method, several hierarchical classifiers were cascaded fordetection and an Ada threshold-classifier was constructed in each level. The intelligentintrusion detector was trained and tested on the Linux host intrusion detection systemexperimental platform. The experimental results show that the proposed method hasideal performance of detection.