Research On Real-time Intrusion Detection Technique Based On Neural Network Theory

Along with the progressive development of computer network technology, the security problem of network is becoming increasingly important. A primal intimidation of network security is that hackers intrude into information system through network. Especially, different kinds of key information stored in computer network often suffer the attacks by malice and illegal users, so as to, these information is acquired or destroyed illegally, even result in the network paralysis. So, the protection of network and it's information is becoming important topic. Conventional network security techniques( such as firewall, encryption technique etc)have limited defense effects, but all of them belong to the category of static security techniques, their main drawback is that their implementation and maintenance need manual work, and cannot actively follow intruder. In consideration of this, real-time intrusion detection technique that be able to dynamically , actively realize network defense is becoming one critical technology in the field of network security day by day.The thesis emphasizes on researching how to apply neural network in real-time intrusion detection for high-speed computer network. We circumstantially analyzed the new evolvement in this field, gave some beneficial spreads and improvement, and raised several innovation. Our main job lists as follows:(1) We researched conventional neural network BP learning algorithm, by synthesizing changing-step, learning-rate-changeable-policy and amending-study -function, we proposed one kind of modification study algorithm - BP-MA algorithm, hugely ameliorated the efficiency of study, so, our algorithm is more suitable for the demand of real-time intrusion detection.(2) On the basis of development status and insufficiency of anomaly detection technology based on program behavior, we put forward one host-based anomaly detection model based on neural network. After analyzes the characteristics of program behavior, we present the thoughts to monitor program behavior on the degree of privileged program. At the same time, we directly employ the raw data as the import of neural network, and omit the complex coding process, thereby simplify the algorithm complexity. In the design of neural network, we adopt Repeatedly-drilling& Cutting-branch means to reduce the complexity of NN and the time complexity of algorithm, improved the recognition rate of NN without depressing the real-time quality.(3) The intrusion detection system based on host integrated with IDS based on network can supply more comprehensive protection to the overall system, in this dissertation, we aim at the situation that the network bandwidth rapidly exalt whereas the processing speed of IDS on high speed network is scant, present a type of real-time intrusion detection model based on high-speed network. This model possesses extensibility, realizability, portability, hierarchical tructure etc merits, give full play to the predominance of NN's parallel processing. In order to attain the real-time demand, to the neural network input vector handle, we proposes one easy and highly-efficient encoding method: " extensive numeric encoding ". What's more, in the design of NN detector, we pose the Repeatedly-drilling&Cutting-branch training method and Self-studying&Re-encouraged neural network to improve the recognition capability to intrusion attack and variant, and the experimental evidences indicate that the network can continually study new knowledge, thereby it possesses higher detection-rate to intrusion variant. In the meantime, by large numbers of practical network communication and intrusion offensive data packets, we validated the validity of this model in real-time intrusion detection for high-speed network.Last of all, the dissertation summarizes the whole development work and discusses the future research in this field.