Research On The Techniques Of The Intrusion Detection Based On SVM And Bayesian Analysis

Intrusion Detection is one of the network information security techniques to detect the intrusion in computer network system. Catering to the developing trend and application demands, this dissertation focuses on the key techniques of the intrusion detection based on Support Vector Machine (SVM) and Bayesian analysis. The research and its main innovations are as follows.(1) It proposes SVM co-training model with mutagenic factors for intrusion detection on a little sample data. Making full use of the unmarked mass data, both the accuracy and the stability of the detection algorithm may be improved based on the iterative training of two classifiers'detection results. The introduction of mutagenic factors into multiple iterative operation in co-training reduces the possibility of lowering the training effects due to overwork. Simulation experiment shows that the accuracy of the detection in the research increased by7.72%than that of the traditional SVM algorithm and that it depends much less on both the training dataset and the detection dataset.(2) It also proposes SVM Tri-training for intrusion detection on a little sample data. Making full use of the unmarked mass data, this approach is based on the iterative training of three classifiers' detection results. In this way the cross validation is not applied, the scope of application is broadened and the accuracy is.increased. Simulation experiment shows that the accuracy of the detection in this research increased by21%than that of SVM Co-training and that the excellent performance becomes more apparent with the increasing cycle index.(3) It proposes a high efficient classification model which consists of three interactive parts and may classify the detected attacks automatically and systematically. We employ the modified Bayesian analysis to train the classifier. Abnormity-based intrusion detection is often subject to its classification ability and therefore security researchers pay much attention to the study on the attack classifying techniques. Simulation experiment shows that the utilization of resources and the attack classifying accurcy are much improved.(4) To the imbalance of "performance-accuracy" which is common in the high speed network's intrusion detection system, this essay proposes a double model to recognize and filter in advance the P2P flow which takes relatively major proportion. This model consists of the single-flow Bayesian Network recognition algorithm and the multithread SVM recognition algorithm. Simulation experiment shows that compared with the traditional flow-based recognition algorithm, the accuracy of the detection in this research increased by5.4%with a good stability.