Adaptive Masquerade Intrusion Detection Algorithm Based On Fuzzy Set And Its Application In The Security Of ASP Service

Masquerade intrusion is a security problem that is difficult to be dealt with and it exists in many network-based information systems. Theoretically, all kinds of the anomaly detection method could be applied to detect masquerade intrusion. However, due to the variation of user action and the similarity between masquerade user and normal user, ability of the detection algorithm to adapt to different users is lower and the performance improvement is very limit. In our work, we focus on the selection of sliding window size, decision variable, detection algorithm and adaptive model update. All these work are related to the key issues of the intrusion detection algorithm, for example, uncertainty information process and parameters setting, etc. The research work has the important sense both in theoretic and practical factor.The innovation of this thesis is as follow:(1) A method for deciding sliding window size. By applying conditional entropy, a new algorithm for deciding sliding window size is proposed. It is proved that the window size of the HMM is approximately equal to the window size of sequence that is generated by the model.(2) A method to transform the likelihood of sequence to models. Applying genetic algorithm to compute the maximal and minimal value of the likelihood, the sequence's likelihood can be normalized to a reasonable decision value.(3) A detection algorithm based on interval type-2 fuzzy set. In the algorithm, three features of the user are selected and the corresponding user trustee computation methods are defined, and the final user trustee is got by applying interval type-2 fuzzy set data fusion. And it can improve the ability to deal with uncertainty information in the detection process.(4) A fast clustering algorithm. A new similarity measurement is proposed and model-based clustering is applied to the clustering algorithm. Model update is not necessary in the clustering algorithm, and its computation complexity is lower than that of conventional model-based clustering algorithms while the clustering...