Research On Intrusion Detection Based On Abnormal Data Analysis

With the popularity of the Internet and the increasing number of Internet users, the Internettechnology has got rapid development and the problem of network security has also appeared.Until December,2014, the number of Chinese Internet users has reached649million,46.3%ofwhich have encountered network security problems, especially those frequent network attacksaiming business and personal information. When detecting these attacks through the IntrusionDetection Dystem (IDS), a mass of alarm messages will be produced, which are scattered anddisordered, difficult to be understood and managed. Therefore, it is difficult for the networksecurity administrator to find the intruder’s attack process from the vast amounts of data andmake the corresponding defense.In order to solve the problem that the abnormal data will produce large amounts oftenebrous alarm information in the intrusion detection system, this paper adopts the intrusiondetection technology based on abnormal data analysis to reconstruct the scene and fuse alarminformation, utilizes MapReduce for distributed computing, thus to improve the real-timecapability and accuracy of the algorithm. The main works of this paper are as follows:1)Raised the abnormal data analysis technology based on scene reconstruction andalarm fusionThis work raised the abnormal data analysis technology based on scene reconstruction andalarm fusion for the problems of alarm information with a high repetition rate and low quality,which can eliminate the redundant alarm information and build the complete attacking route ofattackers.2)Designed the parallel alarm fusion algorithmAs for the problems of mass alarm information generated in the intrusion detection byabnormal data，this paper designed the parallel alarm fusion algorithm, which can improve thereal-time performance of the algorithm and avoid the lag of alarm information.3)Designed and achieved the Intrusion Detection System based on abnormal dataanalysisThe experiment result and comparative analysis on the real abnormal data set showed thatour design of intrusion detection system based on the analysis of the abnormal data is feasible,and has certain advantages.