Research Of Intrusion Detection Firewall Based On Semi-Supervised Clustering

Posted on: 2012-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Zhou
Full Text: PDF
GTID: 2218330338473121
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of network technology and the constantly expanding range of network applications, network attacks and the damage they cause have been increasing. Given today's increasingly acute network security problems, detecting all kinds of intrusions quickly and effectively is important for guaranteeing the security of systems and network resources. Firewalls and access control are the traditional security components and the first line of defense in current network security. However, the traditional static defense approach struggles to meet the needs of network security. Intrusion detection systems, which act as a proactive security protection technology, can effectively remedy the shortcomings of static firewall protection and are an important part of the information security protection structure. Research on intrusion detection methods and techniques has attracted more and more attention. Intrusion detection, combined with firewall technology, can form a linkage security system in which each effectively makes up for the other's shortcomings. However, there are still many problems with the way linkage systems operate. First, with the large increase in network transmission rates, the efficiency of the pattern matching algorithm based on intrusion rules has become the bottleneck of the intrusion detection system. Second, the framework of intrusion detection and firewall protection relates directly to their own security and to attack detection efficiency. Furthermore, the method used to process system logs affects the quantity and quality of the alarm information produced by the linkage system. Addressing the problems above, this paper studies an intrusion detection firewall based on semi-supervised clustering. The research covers three aspects: (1) the single-pattern matching algorithm; (2) the intrusion detection system and firewall processing method; (3) the processing method for system logs.

The achievements of this paper are as follows: (1) Single-pattern matching algorithm: based on the shortcomings of the QS algorithm frequently used in intrusion detection systems, two improved fast single-pattern matching algorithms are proposed. The two improved algorithms have proved effective in increasing the shift distance and the algorithm efficiency. (2) Intrusion detection system and firewall architecture: taking full account of the security of the intrusion detection system and of the real-time network status that the testing data should reflect, a framework for an intrusion detection and firewall linkage system is designed based on rule transformation. In addition, protocol and port analysis is used to build rule chains that improve the data processing capacity of the linkage system. (3) System log processing method: a semi-supervised clustering algorithm is adopted to process system logs so that high-level alarm information can be generated as accurately as possible. Experiments on the WEKA platform with the KDD CUP 1999 data set tested the clustering effect of the improved algorithm. Algorithm analysis and experimental results show that the improved algorithm has better detection performance, achieving a higher detection rate and a low false alarm rate.
Keywords/Search Tags:intrusion detection, pattern matching, firewall, cluster analysis, semi-supervised clustering
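
To make the "shift distance" in achievement (1) concrete, the following added example (not code from the thesis) implements the baseline single-pattern matcher and records every shift it takes. It assumes "QS" means Sunday's Quick Search; the signature and payload are constructed samples, and the thesis's two improved variants are not described on this page and are not reproduced.

```python
# Added example: baseline Quick Search (Sunday) single-pattern matching.
# Assumption: this is the "QS algorithm" the abstract refers to.

def build_shift_table(pattern: bytes) -> dict:
    """Map each pattern byte to its shift: the distance from the byte's
    rightmost occurrence to the end of the pattern, plus one."""
    m = len(pattern)
    # Later indices overwrite earlier ones, so the rightmost occurrence wins.
    return {b: m - i for i, b in enumerate(pattern)}


def quick_search(pattern: bytes, text: bytes):
    """Return (match_offsets, shifts_taken) for pattern in text."""
    m, n = len(pattern), len(text)
    if m == 0 or m > n:
        return [], []
    table = build_shift_table(pattern)
    matches, shifts = [], []
    pos = 0
    while pos <= n - m:
        if text[pos:pos + m] == pattern:
            matches.append(pos)
        if pos + m >= n:          # no byte past the window: nothing to look up
            break
        # The byte just past the window decides how far the window moves.
        # A byte absent from the pattern allows the maximum shift, m + 1.
        shift = table.get(text[pos + m], m + 1)
        shifts.append(shift)
        pos += shift
    return matches, shifts


# Constructed sample: a rule content string and one request line.
SIGNATURE = b"/etc/passwd"
PAYLOAD = b"GET /cgi-bin/view?file=../../etc/passwd HTTP/1.0"


def demo():
    """Return match offsets, shifts, and the mean shift for the sample."""
    matches, shifts = quick_search(SIGNATURE, PAYLOAD)
    return matches, shifts, sum(shifts) / len(shifts)


if __name__ == "__main__":
    offsets, taken, mean_shift = demo()
    print("match offsets:", offsets)
    print("shifts taken :", taken)
    print("mean shift   : %.1f of max %d" % (mean_shift, len(SIGNATURE) + 1))
```

The fewer windows the matcher has to inspect per payload, the less time the detection engine spends per packet, which is why a larger average shift translates into throughput.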