
The Research On Intrusion Detection Algorithm Based On Cloud Theory

Posted on: 2010-08-05
Degree: Master
Type: Thesis
Country: China
Candidate: Q Dang
Full Text: PDF
GTID: 2178360275481682
Subject: Information and Communication Engineering
Abstract/Summary:
Intrusion detection is a key technology in network security defense systems. It collects information from the network and hosts, analyzes that information against security rules, and raises alarms on and responds to the intrusion events it detects.

Intrusion detection algorithms currently suffer from a high false alarm rate and a low detection rate. On the one hand, intrusion types change constantly and are random and uncertain in character. On the other hand, the normal mode cannot be accurately defined, characterized and established, so the algorithms cannot effectively identify intrusion attacks.

Cloud theory, which provides a transformation between quantitative values and qualitative concepts, can operate on a class of data and generate a cloud that reflects its characteristics. A cloud needs only three parameters, the expected value, the entropy and the hyper entropy, which greatly simplifies the expression of data characteristics and improves data-processing efficiency. In recent years, researchers have applied cloud theory to intrusion detection and made some significant attempts.

In this paper, based on a systematic study of the basic principles and related technologies of intrusion detection and cloud theory, we propose a cloud-based intrusion detection algorithm. The main work is as follows:

1. We studied the principles and characteristics of the Forward Cloud Generator and the Backward Cloud Generator, applied them to the intrusion detection module and to normal data modeling, and proposed a cloud-based anomaly detection algorithm in order to detect abnormal data quickly and accurately. In intrusion detection experiments on the KDD CUP'99 data set, provided by the MIT Laboratory, the algorithm achieved an average detection rate of 98.66 percent and an average false alarm rate of only 1.87%. The detection effect is greatly improved, which shows that the algorithm can, to a certain extent, solve the problems mentioned above and effectively detect abnormal data.

2. The choice of feature selection method is important for improving the detection effect of an intrusion detection algorithm. To address the shortcomings of the mutual information method, namely low classification accuracy and its inability to handle continuous data, we proposed an Entropy and Mutual Information feature selection algorithm (EMI) and compared it with classical feature selection algorithms such as the mean square error, entropy and chi-square methods. The experiments showed that, on the same test data, the EMI algorithm not only obtained the fewest features, the fewest misclassified samples, a lower false alarm rate and the highest detection rate, but also solved the inability to handle continuous data.
Keywords/Search Tags:Intrusion detection, Cloud Theory, Feature Selection, Entropy, Mutual Information
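
The following sketch is an added example, not code from the thesis: it uses the standard normal cloud model to show how a backward cloud generator turns attack-free samples into (Ex, En, He), how a forward cloud generator produces cloud drops from those three numbers, and how the certainty degree can flag abnormal values. The single numeric feature, the constructed training data and the 3En cut-off are assumptions; the thesis's own features and thresholds are not given on this page.

```python
import math
import random

def backward_cloud(samples):
    """Backward cloud generator (without certainty degrees): data -> (Ex, En, He)."""
    n = len(samples)
    ex = sum(samples) / n
    # Entropy from the first absolute central moment of the samples.
    en = math.sqrt(math.pi / 2) * sum(abs(x - ex) for x in samples) / n
    var = sum((x - ex) ** 2 for x in samples) / (n - 1)
    # He^2 = S^2 - En^2; sampling noise can push it below zero, so clamp.
    he = math.sqrt(max(var - en ** 2, 0.0))
    return ex, en, he

def forward_cloud(ex, en, he, n, seed=0):
    """Forward normal cloud generator: (Ex, En, He) -> n drops (x, certainty)."""
    rng = random.Random(seed)
    drops = []
    while len(drops) < n:
        en_i = rng.gauss(en, he)      # per-drop entropy En' ~ N(En, He^2)
        if en_i == 0:
            continue                  # degenerate drop, redraw
        x = rng.gauss(ex, abs(en_i))  # drop position x ~ N(Ex, En'^2)
        drops.append((x, math.exp(-(x - ex) ** 2 / (2 * en_i ** 2))))
    return drops

def certainty(x, ex, en):
    """Expected certainty that x belongs to the concept 'normal'."""
    return math.exp(-(x - ex) ** 2 / (2 * en ** 2))

# Assumed cut-off: the normal cloud's "3En rule" (drops beyond Ex +/- 3En are negligible).
THRESHOLD = math.exp(-4.5)

def is_anomalous(x, model, threshold=THRESHOLD):
    ex, en, _he = model
    return certainty(x, ex, en) < threshold

def constructed_training_set(n=2000, seed=7):
    """Constructed stand-in for one numeric feature of attack-free traffic."""
    rng = random.Random(seed)
    return [rng.gauss(20.0, 4.0) for _ in range(n)]

if __name__ == "__main__":
    model = backward_cloud(constructed_training_set())
    print("Ex=%.2f En=%.2f He=%.2f" % model)
    for value in (19.0, 24.5, 95.0):  # constructed test observations
        print(value, "ANOMALY" if is_anomalous(value, model) else "normal")
```

The hyper entropy estimate is noisy on small samples, which is why the detection decision here relies on Ex and En only.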