Research On Active Intrusion Defense System Based On Chaotic Time Series Forecasting

In this dissertation, to strong nonlinear for network traffic, the method of chaotictime series analysis is applied to predict network traffic and alarm information, andimprove the performance of intrusion prevention system. The research mainly dealswith the chaotic time series analysis and forecasting, network traffic anomalydetection and network intrusion prevention technology, cross-cutting study areas ofnonlinear dynamics and network information security.The main results of the dissertation:1. Error estimates of the correlation dimension algorithm is given theoreticallyand the power system phase space is reconstructed. The intrinsic valuesdecomposition of the embedded space matrix is completed to determine theembedding dimension of the phase space reconstruction, with the noise in the signalremoved. The intrinsic values decomposition method is improved, overcoming thedefects of selecting base coordinate by which the noise component can’t be reactedtruly. A simple algorithm is given, by which intrinsic values, intrinsic vectors, theorthonormal base coordinate of minimum embedding space as well as the projectionin the orthonormal base coordinate of the measured time series can be computed.2. Multivariate chaotic time series is predicted. The algorithm of seekingembedding dimension by false nearest point method is improved, overcoming thedefects of selecting parameter only by experience. With the intrinsic valuesdecomposition applied in principal component analysis, a new dimensionalityreduction method for multi-variable prediction is proposed. With better convergenceability and stability, the simple method can remove the redundant information inmultivariate chaotic time series. The multivariate chaotic time series predictionmethod proposed here is applied to network traffic forecasting to simulate the networkcharacteristics better.3. Based on the multivariate chaotic time series prediction model for networktraffic, the SVM is applied in abnormal network traffic classification and a networktraffic prediction model based on chaos-SVM is built. A new dimensionality reductionmethod of self-adjusting weighted feature selection is proposed and the weight ofsample characteristics is automatically generated based on its own properties. With the accuracy of the classification improved effectively and the learning and testingtime reduced, the real-time performance of the system is improved. An Alarminformation prediction algorithm based on chaos-SVM is given to optimize theoriginal rule properties and add new rules into the intrusion defense system. Thechaotic time series forecasting techniques is applied into intrusion detection based onSVM to improve the system detection rate. It is hopeful to recognize many attackvariants and new attack packets.In short, studying the chaotic time series analysis and forecasting theorythoroughly and systematically, the chaotic time series forecasting techniques isapplied to intrusion defense system successfully. With the detection and real-timeperformance improved, the system achieves pre-action response and active defensefunctions.