
Research On Key Technology Of Intrusion Detection Based On Intelligent Soft Computing

Posted on: 2011-10-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y P Zhou
GTID: 1118360302980073
Subject: Control theory and control engineering
Abstract/Summary:
With the widespread use of networks, network security plays a strategic role in modern computer systems, and intrusion detection has become increasingly important in network security research. At the same time, network infrastructure is becoming more complicated: distributed environments, mass storage and high-bandwidth transmission are more widely used, and novel or cooperative intrusions occur constantly, which has created new interest in intrusion detection research. Soft computing is a novel method for constructing computational intelligence systems. Constructing a highly intelligent intrusion detection system (IDS) is of great practical significance, both for giving the IDS the ability to self-learn and self-adapt and for meeting its need for real-time monitoring and quick response.

This work makes an intensive study of key issues in intrusion detection based on intelligent soft computing. The influence of the genetic-fuzzy classifier, neuro-fuzzy classifier, SOM neural network, PCA neural network and artificial immune distributed agents on intrusion detection is discussed. We further study the representation of fuzzy rules and optimization algorithms for the fuzzy rule base. The combination of unsupervised learning and supervised learning is then investigated, and the dynamic evolution of immune antibodies is studied further. The main research contents and innovative points are as follows:

(1) Research on intrusion detection technology based on a genetic-fuzzy classifier

Network security is a fuzzy notion. By applying fuzzy logic, rules at a higher level and with wider scope can be obtained. A new method is proposed that incorporates fuzzy logic and genetic algorithms into a classification system based on fuzzy association rules, in order to extract both accurate and interpretable fuzzy If-Then rules from network traffic data for classification; genetic algorithms are used to optimize the classifier. This genetic-fuzzy classifier based on fuzzy association rules can make accurate judgments even without enough evidence, which improves the performance of the IDS. To improve the capacity for self-learning and self-adapting, new rules are produced from misclassified examples. A revised fuzzy-rule iterative learning algorithm is applied in the intrusion detection system. To reduce the search space of candidate fuzzy rules, the population is initialized with individuals chosen at random from the pre-screened rules. The pre-screening is done using support and confidence. Experimental results indicate the efficiency of the algorithm.

(2) Research on intrusion detection technology based on the SOM neural network

Traditional intrusion detection systems are mostly misuse detection systems with a higher false alarm rate. This thesis constructs a new classifier based on the SOM neural network; applying the LVQ algorithm after unsupervised training with the SOM neural network improves classification performance in this domain. Simulation experiments confirm that a neural network trained by combining unsupervised and supervised learning attains a higher detection rate and a lower false positive rate. In addition, the thesis constructs a model that integrates the data compression and classification functions of principal component analysis with the online computing ability of neural networks. Experiments show that the classifier based on principal component analysis improves the capacity for real-time detection by decreasing the dimension of the input network packets.

(3) Research on intrusion detection technology based on a neuro-fuzzy classifier

The critical problem for a network intrusion detection system is how to improve its response speed. To improve detection efficiency, the thesis constructs a Hierarchical Neuro-Fuzzy Inference intrusion detection system that can implement either misuse or anomaly detection. In the proposed system, the input data is clustered by applying an enhanced Fuzzy C-Means clustering algorithm to create and extract fuzzy rules. The system develops a two-level neuro-fuzzy inference system to detect intrusions. Experimental results show that the proposed intrusion detectors have a sufficient detection rate and classification rate, and a lower false alarm rate.

(4) Research on intrusion detection technology based on artificial immune distributed agents

A novel model of intrusion detection based on distributed agents is presented, drawing on the similarity between artificial immune systems and intrusion detection. Dynamically evaluative equations for self, antigen, immune tolerance, mature-lymphocyte lifecycle and immune memory are presented, and the hierarchical and distributed management framework of the proposed model is built. Furthermore, agents are applied to distributed information and security surveillance in network security. The experimental results show that the proposed model has real-time processing features that provide a good solution for network surveillance.
Keywords/Search Tags: intrusion detection, neural network, network security, soft computing, artificial immune