Research On Intrusion Prevention Technology Based On Multi-label Learning And Semi-supervised Clustering

Posted on: 2016-11-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Qian
Full Text: PDF
GTID: 2308330479498252
Subject: Software engineering
Abstract/Summary:
Network security has become a focus of concern. The network security technologies in use, such as firewalls and intrusion detection systems, cannot meet the demands of the network security problem, so the intrusion prevention system (IPS) has come into being. An IPS identifies potential attacks through deep inspection and analysis of network traffic and blocks them in time, combining the advantages of an intrusion detection system and a firewall. The core technology of an IPS is intrusion detection. Traditional intrusion detection algorithms focus on single-label datasets, in which each example is clearly identified by one single label. In a real network, however, samples usually carry more meaning and can often be associated with multiple labels simultaneously.

To address some problems in current intrusion detection algorithms and misuse detection, this thesis brings the theories and methods of multi-label learning into intrusion detection and puts forward a new intrusion detection algorithm based on multi-label and semi-supervised learning (SML-KNN). A new intrusion prevention model based on the SML-KNN algorithm is also constructed. The SML-KNN algorithm is derived from ML-KNN (A Lazy Learning Approach to Multi-Label Learning). The core of ML-KNN is k-Nearest Neighbors (k-NN), which is a supervised learning algorithm. In supervised learning it is usually difficult to obtain known label sets, while unsupervised learning has no prior training samples, which makes it hard to establish the characteristics of the sample library. Semi-supervised learning can use a small number of labeled samples to guide the larger set of unlabeled ones and help build the classifier. Therefore, this thesis applies semi-supervised learning based on k-NN and proposes the SML-KNN algorithm.

Simulation experiments show that the execution speed of the SML-KNN algorithm has improved, and that the performance of SML-KNN is obviously superior to the semi-supervised K-means algorithm (SK-Means) and the semi-supervised fuzzy K-means algorithm (SFCA). The experiment also selects some representative experimental data based on actual network conditions and adds some portsweep, satan, back, and teardrop intrusion records. Compared with general intelligent intrusion detection algorithms, SML-KNN can improve the detection rate and also reduce the false positive rate.

Finally, we present an intrusion prevention system model based on multi-label learning and semi-supervised clustering. It includes a preprocessing module, a detection module, and a defense module. This thesis proposes a deployment of the intrusion prevention application based on the deployment of the firewall and intrusion detection. The simulation experiment shows the IPS model to be feasible.
Keywords/Search Tags: intrusion prevention, intrusion detection, semi-supervised learning, SML-KNN, multi-label learning