Intrusion Detection is an essential component of information security infrastructure protection mechanism.It acquires and analyzes information from many key positions on network,thus it monitors the network and ensures its security.The main shortcominings of current Intrusion Detection System(IDS) include poor scalability, poor adaptability, incapablity to detect unknown new type of attacks ,low detection rate and high false positive rate etc. To improve the detection rate, this thesis focuses on intelligent intrusion detection technology.The thesis introduces two detection methods for network anomaly intrusion detection. one is based on BP neural network (BP-NNs), the other is based on hierarchical cluster analysis. The implementation of these methods are detailed and experiments on KDDCUP 99's network intrusion data are described. Merits and shortcmings of both detection technologies are analyzed and compared. Though these methods are reasonable and effective, experiments show that the technology based on BP-NNs has superior performance in anomaly detection. Thus, the thesis further studies in intrusion detection based on BP-NNs.Since the rate of network convergence and ultimate intrusion detection effect are directly influenced by the initial weights of BP-NNs, the thesis propose to use the Genetic Algorithms (GAs) to optimize these weights. Because of the global searching characteristic of GAs, the optimum initial weights can be achieved, which will improve the BP-NNs' rate of convergence and stabilization of the network performance.Experiments show that compared with the original BP-NNs,this new algorithm dramatically improves both in the detection accuracy rate and in the false positive rate. |