
Optimization Of Attributes Based On Network Connection Records

Posted on: 2006-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: X K Wang
GTID: 2168360155974189
Subject: Computer application technology

Abstract/Summary:
The openness of the TCP/IP protocol has made the Internet the largest computer network in the world. However, this openness also brings more and more serious security problems. As the Internet becomes widely used in daily life, especially in business, the security problem will directly affect the future development of the Internet.

Many network security technologies, such as firewalls, access control and data encryption, have been developed and adopted. Intrusion detection is another important network security technology, and the signature-based intrusion detection system is currently the most popular kind. In particular, the optimization of features is the key task. Feature selection directly affects the precision of the classification model and the detection accuracy for intrusion data, and it is closely tied to prior knowledge and to the initial data.

Hence, in order to understand the features, we carry out a detailed analysis and interpretation of TCP/IP data packets. By analyzing the packets, we find the damaging data flows and learn their characteristics for use in feature optimization. However, raw data packets are not intuitive and are comparatively difficult to analyze. To represent the packets more intuitively, as the experiments require, we preprocess the initial data packets into connection records and give a detailed interpretation of every feature of the connection records.

Through repeated experiments, the work done to improve the efficiency and accuracy of the classification model was chiefly the following:

(1) By optimizing the features repeatedly, we obtain a satisfactory feature set. In tests of the anomaly classification model, this set improves the classification accuracy and reduces the misreport rate. At the same time, we analyze the factors that affect the classification accuracy of the detection model, and we analyze the differences between the experimental results and the reasons for them.

(2) By changing the time window size and analyzing the relation between the classification rate and the time window, we obtain a satisfactory time window. At the same time, we analyze the differences between the experimental results and the reasons they arise.

Most of the work in network anomaly detection modeling is concentrated in the preprocessing phase of network protocol analysis. Given a set of network audit data packets, the data is divided into a training data set and a test data set in a certain proportion. The selection of statistical features and the time window size have great effects on the detection capability of the network anomaly detection model. For the experimental data sets and classification features used, we choose 70%~80% of the regular data as the training data set. The statistical features achieve the best detection capability with time windows of 30-35 sec and 180-210 sec.
Keywords/Search Tags:intrusion detection, protocol analysis, feature, time window