
Research On Intrusion Detection And Network Attack Behavior Prediction

Posted on: 2015-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: M N Tang
Full Text: PDF
GTID: 2268330431464769
Subject: Signal and Information Processing

Abstract/Summary:
With the development of network and information technologies, the Internet will see widespread popularization and application. With the prevalence and broad application of the latest generation of technologies, for instance Cloud Computing, the Internet of Things, Smart Cities, Mobile Internet and MicroBlog, hidden information security risks are becoming more and more prominent. With the constant development of offensive and defensive techniques, the continued evolution of security vulnerabilities, and the widespread use of new technologies, existing security concepts and models face huge challenges. The latest security problems therefore cannot be solved well by traditional means.

As an important and active security mechanism, intrusion detection supervises computer systems and networks by monitoring misuse of the protected system and attacks from both the external and internal network. Before the network system is compromised, it can detect an intrusion attempt in time and raise an alarm to avoid a serious incident. During an intrusion, it triggers the alarm mechanism and provides dynamic defense by cooperating with firewalls. After an attack by network hackers, it provides detailed attack reports, and this information is then stored and analyzed by the system. In conclusion, intrusion detection brings comprehensive defense and greatly enhances network security.

Focusing on network intrusion events and network attack behaviors, this paper proposes an effective detection algorithm and an accurate prediction model.

(1) A novel method based on HCRF (Hidden Conditional Random Field) for intrusion event detection. Because network intrusion data is high-dimensional, the first step is to reduce the dimensions of the original data; the selected data is then normalized to reduce or eliminate the differences caused by attribute scales. According to the different types of original session records, the corresponding feature vector sequences are established, and at the same time the corresponding labels are obtained. An intrusion detection model based on HCRF is then built to detect intrusion events and classify them into different categories. Experimental results show that this method performs well on finite-sample, high-dimensional data; that is, it does not require complex and time-consuming calculations and can achieve a high detection rate. The algorithm not only maintains the detection rate and false alarm rate, but also reduces the time spent in training and testing. This verifies the viability and effectiveness of feature selection.

(2) A novel method based on HMM (Hidden Markov Model) for network attack behavior prediction. Generally speaking, an attack process in the network includes a series of attack steps, and different attack steps trigger different alarm information. As the attack deepens, alarm messages accumulate. Based on this alarm information, an attack prediction model based on HMM is established. The prediction model is divided into two layers: 1) an observation layer, which consists of the risk values of the alarm information; 2) a hidden layer, which represents the threat level of the system. With this method, once the current threat level is known, the system state at the next moment can be predicted. Experimental results show that this method performs well in attack prediction.

Finally, a summary of this paper is given and the future direction of the research is presented.
Keywords/Search Tags: Intrusion detection, Forecast attack, Hidden Conditional Random Field, Hidden Markov Model