Study On Method Of Data Analysis And Its Correlative Technologies In Intrusion Detection Systems

Posted on: 2005-06-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Guan
Full Text: PDF
GTID: 1118360125470674
Subject: Computer application technology
Abstract/Summary:
With the coming of the information age, computer networks have become a requisite for production and life in modern society. They will be, or have already become, the foundation of the whole world in the 21st century. All these elements spurred the rapid development of research on network security. The problem of network security has become one of the research focuses of information technology.

Intrusion detection is a new mechanism of active defense presented in recent years. It has become an important technology of network security. The current state of study on intrusion detection technology is analyzed in this thesis, and the problems of data analysis and adaptive model building in intrusion detection systems are also researched.

The research work included in the thesis is as follows:

The network security situation and security technologies were analyzed. The research history and status quo of intrusion detection technology were summarized. The disadvantages of existing methods of intrusion detection were analyzed in detail. The directions of development for the study of intrusion detection were given.

A modeling method for distributed intrusion detection systems based on the theory of matter element analysis was presented. The classical matter element was introduced. Then an extended matter element, named the compound matter element, was presented in order to reflect the level features of audit events. The event of intrusion detection was mapped to Extenics sets. The problem of intrusion detection was translated into a method of matter element transformation and the relation joint function of Extenics sets.

A method of constructing the feature space of network information was put forward. The mechanism of gathering information and the extraction of features in networked intrusion detection were studied. The feature data was normalized based on them. The status space was built to reflect the security features of network information.

A method of unsupervised anomaly detection based on Principal Components Analysis (PCA) was given. After the study of PCA theory and the extraction method, a model of normal behaviors with intrusive data was built using the PCA model. The process of finding the solution was simplified by using an MLP with a symmetrical structure. Finally, an emulation was conducted according to the algorithm presented above in order to prove the function and the validity of the method.

The method of automatic classification of intrusive attacks was studied. Automatic clustering technology was applied to the classification process of attacks. Time-discounting K-means and SOM algorithms were presented, aimed at the time-sequence characteristics of network communication. The method is able to discount historical knowledge, so the information of attacks can be distinguished exactly according to different characteristics.

An automatic learning method for intrusion rules based on evolutionary selection was proposed. The extracting model of the problem was searched for by using evolutionary selection theory in the feature space of network information. The evolutionary operations were carried out through operators. The correct detection rate of the rules learned by RIPPER was used as the fitness function, so individuals with high fitness were produced. The features of the given attack were automatically summarized. Experiments were conducted with intrusive data in order to prove the validity of the method.
Keywords/Search Tags:Network security, Intrusion Detection, Artificial intelligence, Genetic algorithms, Unsupervised learning