| Nowadays,the issue of network security is becoming more and more prominent.Intrusion detection technology,as powerful means of network security protection,is the focus of current research.There are some problems such as low detection accuracy,low detection efficiency,poor system robustness,and poor self-adaptability existing in intrusion detection technology.This thesis contains a reasonable solution to solve above problems.The essence of intrusion detection can be classified as a two-category problem.Support Vector Machine(SVM)as the basic classifier of detection engine in intrusion detection system has been used in this thesis to design a parallel and efficient algorithm(BPSVM algorithm).And in order to process the new data,the KKT-RS-SVM algorithm is proposed.The main research contents of this thesis are as follows:(1)Based on Bagging parallel integration classification algorithm,BPSVM algorithm is designed.In the design of parallel components,the principal component analysis(PCA)technique is selected to optimize the high-dimensional intrusion detection data.which greatly improve the efficiency of the classifier for training model and predicting data.Using the parallel SVM classifier and integration strategy for majority voting,the classification effect is better than a single classifier,effectively improving the classification accuracy.At the same time,the parallel scheme can effectively avoid the single point failure problem.Failure of any classifier will not affect the operation of the system,improving the system robustness.(2)In the partial design of the incremental algorithm,the original sample retention set algorithm(RS algorithm)is proposed.The algorithm fully considers the vectors affecting the classification accuracy in the original sample,and to a certain extent,improves the classification effect after incremental training set.(3)In the overall design of the incremental algorithm,using the RS algorithm to preserve the original sample set,and combining the KKT conditions to filter new samples to form an overall algorithm,namely KKT-RS-SVM algorithm.The algorithm effectively combines the new sample with the useful information of the original sample into a new training set,which preserves the maximum amount of valid information,effectively updates the training set,and improves the system's ability to adapt to new samples.Finally,the BPSVM algorithm and the KKT-RS-SVM incremental algorithm are tested by classical intrusion detection data set(KDD CUP99)and the latest data set(CICIDS2017).The experimental results show that,compared with the single PCASVM algorithm,the classification accuracy of the BPSVM algorithm increases by about 3%.Compared with the parallel SVM,the detection time of the BPSVM algorithm decreases by about 21.9%.At the same time,the robustness of BPSVM is verified by simulation of single point failure.In addition,the availability and high efficiency of the KKT-RS-SVM algorithm in intrusion detection are proved by simulating incremental samples. |
PDF Full Text Request