Research Of Intrusion Detection Technology Based On Neural Network

Along with the increasing scale of the Internet, the network emerging services have been gradually affecting people’s daily life. Meanwhile, network security issues have attracted more and more attention. In the face of the developing trend of increasingly complicated network security problems, Intrusion Detection System (IDS) are applied to evaluate the security of the computer system and network by real-time analysis of the computer system, network and user event information. The intrusion detection technology in the traditional environment has always been the research hotspot of the research institutes, within which the means of improving the detection performance of the IDS is crucial. Moreover, cloud computing as a new computing mode, has changed the traditional computer architecture, but its characteristics of virtualization, distribution, and large scale have brought huge challenges to intrusion detection. In order to effectively deal with these new challenges, the research of intrusion detection system in the cloud environment has also been endowed with important practical significance.Neural network has its advantageous characteristics, such as self learning, associative memory and high speed parallel computing, which makes it possible for it to be widely usedin many application fields, including intrusion detection, and the application of neural network technology in this field has invoked widespread attention of relavent experts at home and abroad. Based on the neural network theory, this paper studies the problem of intrusion detection system in the traditional environment and the cloud environment. Firstly, in allusion to the problems of traditional distributed intrusion detection system, such as the potential peril of failure of singlepoint caused by the central node load, in Chapter 2 we put forward a distributed intrusion detection system with high speed parallel computing which is easy for VLSI implementation and high detection accuracy based on the cellular neural network. Then, in Chapter 3, we research the intrusion prevention system which can protect the target host and the operating system from being damaged, predict the attack behavior and then take effective response measures to protect data, to make up for the lack of active defense capabilities of the traditional intrusion detection system. In pace with the development of cloud computing, the limitations on intrusion detect rate and the detection speed, such as the real-time detection of massive invasion data, increment detection for the new attack, etc., have proved that the traditional IDS system cannot satisfy the demand of IDS systems for cloud computing environment any more. Therefore, this paper studies the cloud network intrusion detection system in Chapter 4. The core technology of Cloud computing is virtualization. In cloud computing environment, the migration process of virtual machine is likely to suffer from safety problems, such as abnormal migration processing caused by the back door defects or hacker attacks. Therefore, in chapter 5, this paper studies the virtual machine migration monitoring system, in an attempt to guarantee the security of virtual computing environment. The main contributions of this thesis can be shown as follows:(1) A distributed intrusion detection system based on Discrete-Time Cellular Neural Network (DTCNN) and State Control Cellular Neural Network (SCCNN) is put forward. In the system, the hierarchical DTCNN classifier is used as a local node detector, and the improved one-dimensional SCCNN model is used as a global detector. Each local node detector detects the local invasion behavior independently, and then exchanges the detection result with adjacent nodes periodically, which constitutes a global detection model. In view of the local detection system, we design the template parameters based on improved particle swarm algorithm, i.e., constructing a new fitness function from the energy function, to avoid the algorithm fall into convergence and finally find the optimal solution. In view of the global detection system, we proposes a template parameters solving method on the basis of linear matrix inequality to help the system obtain the stable output. Compared with other DIDS methods, the simulation results show that this detection model has better detection performance.(2) We propose an intrusion prediction model based on the time series analysis method. To reduce the false alarm rate of intrusion prediction problem, avoid damage to data and improve the accuracy of the intrusion prediction model, we propose a network intrusion prediction model based on the improved ARIMA algorithm, using the BP network to map the differential equations of grey network, and then using the improved grey network to modify the ARIMA predict model. In addition, in order to improve the prediction accuracy of network traffic, we put forward a network traffic prediction model based on improved minimum complexity echo state network and wavelet decomposition theory. First of all, the original flow sequence should be decomposed by wavelet. Then, the dimensions of the sub sequence should be decomposed by using the minimum mean square and error change to improve the minimum complexity echo state network. Finally, the forecast sequence results should be integtated by using the weighting factors. Simulation results show that the above methods can be used to model the network traffic data to measure the security situation of the network and predict the intrusion behavior, and the prediction method has high accuracy.(3) We propose a cloud intrusion detection algorithm based on improved growing hierarchical of self-organizing maps neural networks, among which Mapreduce PCA algorithm is used to reduce the dimension of massive invasion of data, improved GHSOM is used to detect the dynamic update reduction data, and genetic algorithm is used to optimization the connection weights of the incremental SOM subnet to accelerated the convergence of the detection network. Simulation experiments prove that the cloud intrusion detection system based on the improved GHSOM algorithm can detect the intrusion in real-time with dynamic adaptability and expansibility, and a high detection rate for the new type of attack.(4) In the monitoring process of virtual machine migration, the monitoring of resources and the scheduling of the migration strategy have caused wide public concern. To schedule the migration strategy, we propose a virtual machine migration detection method on the basis of improved CNN. By monitoring the load of target virtual machine, the process of scheduling the migration strategy can be mapped to the traveling salesman problem, the improved energy function helping the network output reaches its steady state. The relationship between parameters is determined by the local rules and global rules of the migration scheduling, and through the analysis of the relationship, solving the parameters can be converted into solving the constrained optimization problem. Then, the template parameters are solved by improved particle swarm algorithm based on bubble sort algorithm, preventing the algorithm from dropping into local optimum. Finally, the simulation results verify the validity of the proposed method, and the migration duration and the migration data can be reduced effectively.