Design Of Classifier And Research Of Fusion Technology For Intrusion Detection

Posted on: 2012-01-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Wang
GTID: 1488303353965349
Subject: Control Science and Engineering
Abstract/Summary:
With the development of network technology, intrusion methods have become more and more diverse, and the security threat to computer networks has intensified accordingly. Intrusion detection is a new technology that plays an important role in network security. For an intrusion detection system, the effectiveness of the classifier and of the fusion technologies are important factors in improving detection performance. In this paper, based on feature fusion and classifier integration, three problems are studied: intrusion detection with unlabeled data, intrusion detection with classifier fusion, and classification of unknown intrusions. The main achievements are as follows:

(1) To address the problem of parameter setting in clustering-based intrusion detection systems, a new unsupervised clustering algorithm for intrusion detection is proposed. With this algorithm, the parameters of a clustering-based intrusion detection system can be set easily, and performance in classifying unlabeled data is improved. Experimental results demonstrate the effectiveness of the algorithm.

(2) In view of the factors that affect the performance of intrusion detection systems, a feature extraction method is proposed. Combining it with two other feature extraction technologies, an intrusion detection system based on classifier fusion is constructed. This system exploits the difference and complementarity between classifiers. Simulation results show that the classifier-fusion-based detection system performs better than a single-classifier system.

(3) Because intrusion detection systems acquire little information about abnormal behavior, a method for information acquisition based on a serial classifier structure is proposed, and an intrusion detection system based on this structure is constructed. In this system, two algorithms are proposed; then, by combining the proposed algorithm with a classifier that uses mapping technology, an intrusion detection system for information acquisition is constructed. Experimental results show that the proposed algorithms have better classification performance and that the detection system is effective for acquiring information about the intrusion class.

(4) In view of the disadvantage of anomaly detection systems, which can only detect unknown intrusions but can hardly classify them, a system for unknown intrusion classification is proposed. The system consists of three modules: the anomaly detection module, the information filtering module and the information acquisition module. In this system, a support vector machine algorithm based on clustering reduction is presented, which carries out anomaly detection. After that, one-class classifiers perform the information filtering function, from which the unknown intrusions are obtained. Finally, a class-mapping algorithm is proposed to obtain information about the unknown intrusions. Simulation results show that the detection system is effective for unknown intrusion classification and has better performance.

Finally, the remaining problems of the paper are discussed, and future work is listed.
Keywords/Search Tags: Computer network security, Intrusion detection, Clustering, Support vector machine, Artificial immune, Self-organizing map