Research On Intrusion Detection Based On Evolutionary Algorithms

Posted on: 2008-08-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Y Zheng
GTID: 1118360215490742
Subject: Computer software and theory

Abstract/Summary:
With the development of computer and communication technology, damage caused by unexpected intrusions and crimes related to computer systems has been increasing rapidly. Network security, which ensures that a system behaves as intended and provides stable services, has therefore become a focus. Intrusion Detection Systems (IDS) extract information from a computer or a network of computers and attempt to detect the presence of intrusions from external sources, as well as system abuse by authorized users.

In essence, intrusion detection separates abnormal data from normal data. The problem of intrusion detection can therefore be transformed into an optimization problem, namely, how to find the best solution that classifies the data correctly. An evolutionary algorithm (EA) is an effective algorithm that simulates the natural evolution process (i.e., survival of the fittest). It begins with a population of random individuals and converges to the fittest individual, which represents the optimum solution. EA has powerful search capability and optimization performance on complex problems. The aim of this dissertation is therefore to introduce evolutionary algorithms into the classification of data and the determination of parameters in intrusion detection. In this way, the detection rate can be enhanced and the false positive rate reduced.

The research work of this dissertation is mainly focused on:

① After a general introduction to the research background and development history of intrusion detection, the basic concepts and theories of intrusion and intrusion detection are introduced in detail. In addition, the feasibility of introducing evolutionary algorithms into intrusion detection is explained.

② Before detection, it is necessary to perform feature selection on the input data. In this thesis, the proposed feature selection algorithms are introduced. The influence of parameters on performance in the particle swarm optimization (PSO) algorithm is analysed. A new algorithm combining an immune system with PSO is proposed to eliminate redundant features, reduce the problem size, improve the quality of classification and speed up detection. The position of a particle is expressed as a binary string, and the update strategies for position and velocity and the selection of the fitness function are illustrated in detail. The results show that the proposed algorithm is efficient for feature selection.

③ Previous work in intrusion detection mainly focused on learning knowledge from labeled data. On the one hand, it is therefore inevitable that the detection result is highly dependent on the training data sets and their distributions. On the other hand, in a real application it is difficult to obtain labeled training data sets and to ensure that a set of available labeled data covers all possible attacks. Unsupervised classification should therefore be taken into consideration. In this thesis, a new detection method, Network Intrusion Detection based on Unsupervised Clustering and Chaos Simulated Annealing algorithm (NIDCCSA), is proposed. NIDCCSA utilizes the ergodic property of chaos to perturb states. A simulated annealing algorithm based on chaos is therefore more likely to converge to the globally optimal solution and enhance the detection rate. In addition, the influence of parameters on performance in the NIDCCSA algorithm is analysed.

④ For a given data set of high dimension, it is difficult to detect attacks with traditional algorithms because of the problem size. To solve this problem, Network Intrusion Detection based on SVM and QEA (NIDSVMQEA) is proposed in this thesis. NIDSVMQEA can deal effectively with the problem size of high-dimensional data. Before intrusion detection with the NIDSVMQEA algorithm, the data set is clustered using the K-MEANS partition algorithm and clusters are established. The support vectors are searched for only when the labels within a cluster differ. The validity of the SVM is evaluated by means of a fitness function based on detection rate, and the optimized SVM model is established by repeated adaptation of the QEA algorithm.
Keywords/Search Tags: Intrusion Detection, Clustering Analysis, Simulated Annealing, Particle Swarm Optimization, Quantum Evolutionary Algorithm, SVM