
Study Of Intrusion Detection Based On Neural Network

Posted on: 2004-07-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z S Pan
GTID: 1118360122975567
Subject: Computer application technology

Abstract/Summary:
With the increasingly wide application of computer and network technology, especially the transmission of governmental and military information over networks, network security problems have become more and more prominent.

Because new attacks emerge ceaselessly as intrusion technologies develop, firewalls and other passive security methods cannot provide complete protection. As an important and active security mechanism, intrusion detection reinforces the traditional system security mechanism. Intrusion detection techniques help detect attacks against computer systems by monitoring the behavior of users, networks, and computer systems. Through monitoring and analysis, the anomalous and illegal activities that have taken place can be discovered, which include attacks that use security vulnerabilities by legitimate users or unauthorized access. In addition, an Intrusion Detection System (IDS) can diagnose which type of attack or malicious activity is taking place and then take active response to stop the intrusion.

Intelligent methods for intrusion detection systems are a hot spot in the field of network security, and the application of pattern recognition and data mining in IDS is a subject of worldwide concern and study. As an important method of pattern recognition, the artificial neural network has the capability of self-organization, self-learning and generalization. Applying neural networks in IDS can not only identify known attacks, but also detect new attacks and abnormal events.

In this dissertation, the existing intrusion detection models and techniques are elaborated first. Aiming at some key problems of IDS, several intrusion detection models based on neural networks are designed, which integrate other techniques such as data mining, artificial immune systems, gray theory and so on. Then experiments on the intrusion detection benchmark datasets confirm their validity and feasibility.

The main contributions of these studies include the following parts:

First, the paper analyzes several popular attack methods, which are helpful for the subsequent design of our IDS. Then the existing intrusion detection models, technologies and classifications are summarized with special emphasis, and their merits and shortcomings are compared in detail. Meanwhile, the development trend of intrusion detection techniques is briefly summarized.

According to the standard of KDDCUP'99 and by adopting numeric mixed coding, 41 features of the captured network packets are extracted and converted into a numerical form that can be accepted by the neural network.

In this paper, we present a misuse detection model based on a hybrid of neural network and decision tree. The key idea is to take advantage of the different classification abilities of the neural network and the decision tree algorithm for different attacks. The neural network has higher performance on DOS and Probing attacks than on R2L and U2R attacks. However, according to the theory of information gain, C4.5 can accurately detect R2L and U2R attacks by extracting rules from the content features. What is more, the model can also be updated with the C4.5 rules mined from the dataset after the event (intrusion). We employ data from DARPA'98 to train the proposed model and test its feasibility. In our experimental results on the network data, our model achieves a high detection rate on average and a low false alarm rate for five typical types of attacks.

For detection of DOS attacks, G2SOM (Generalized Grey Self-organizing Maps) is presented. The self-organizing map, devised by T. Kohonen, is an artificial neural network model and algorithm that implements a characteristic nonlinear projection from the high-dimensional space of signal data into a low-dimensional array of neurons in an orderly fashion. But its weight adjustment is determined only by its learning rate and the difference between the input pattern and the winner neuron's weight. It seems that the SOM obviously ignores some (implicit) correlative relationships during the learning, which actually exist between the input...
Keywords/Search Tags: Information security, Intrusion detection system, neural network, Decision tree, SOM, Grey coefficients, kernel means, One-class classifier, artificial immune system