
Research Of Classification Models For Anomaly Detection Based On Automatic Feature Construction

Posted on: 2005-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: B K Li
Full Text: PDF
GTID: 2168360122998792
Subject: Computer applications
Abstract/Summary:
With the development of computer technology in recent years, especially in networking, computer systems have evolved from independent hosts into open, interconnected systems. These changes have led to the spread of intrusive behavior against systems. As operating systems and network communication technology grow more complex, intrusions become more complex as well, and it becomes more difficult to design and implement a dependable security system. In addition, exploitation of flaws in program design and penetration techniques based on social engineering mean that intrusion prevention technology, our first line of defense, cannot protect our systems safely. As a result, intrusion detection has emerged as another line of defense to protect our systems.

Using authorized network traffic as our experimental data, we apply a modified association algorithm to the training data to generate effective association patterns. On the basis of those patterns, a modified sequence algorithm is applied to produce effective sequence rules. The association patterns and sequence rules produced from the normal and intrusive datasets are coded separately according to a certain scheme. After the two sets of coded rules are compared, sequence rules that include only intrusive behaviors are produced. With these sequence rules, we can establish temporal and statistical features that describe intrusive behaviors effectively and distinguish normal activities from anomalous ones.

We apply the basic features and the statistical features to a classification algorithm separately to establish a basic and an extended classification model. Both classification models are applied to the testing dataset to compare their misclassification rates and analyze the reasons. Using the classification models, both normal and intrusive behaviors can be detected. In addition, iterative experiments will be carried out to improve the accuracy of the classification models.
Keywords/Search Tags:data mining, anomaly detection, intrusion detection, classification models, feature construction, misclassification rate