
Research On Learning Based Intrusion Detection Algorithms

Posted on: 2011-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: L Li
GTID: 2178330332472646
Subject: Mechanical and electrical engineering
Abstract/Summary:
With the widespread use of Internet technology, network information security has become one of the most urgent problems facing computer network systems. Traditional data encryption and firewall techniques can no longer meet the growing requirements of the information security field. As an active means of defense, intrusion detection has attracted much interest for addressing network information security problems.

Because network intrusion techniques are varied and complex, methods based on simple pattern matching or statistical analysis have certain limitations, and intrusion detection algorithms with self-learning capability show great potential. Aiming at the high false detection rates of currently widely used intrusion detection methods and the uncertainty existing in the network, this dissertation focuses on several learning-based intrusion detection algorithms. The main contributions and innovations are as follows:

(1) The KDDCUP99 data set is preprocessed for the performance evaluation of the proposed intrusion detection algorithms. Preprocessing includes conversion to numerical form, normalization, and feature extraction using information gain, which effectively reduces the dimensionality of the data set.

(2) An improved negative selection algorithm based on cosine similarity is proposed. In the detection phase of the negative selection algorithm, symmetrical cross entropy with a fuzzy similarity measure is used to determine the type of attack data. Simulation results show that the proposed algorithm has a higher detection rate.

(3) Aiming at the high false alarm rates of currently used network intrusion detection methods, a new method of evidence assignment and combination based on Dempster-Shafer theory is proposed to identify network attack data. In this method, the extracted features are identified by multiple generalized regression neural network classifiers, each of which determines a basic probability assignment. The outputs of the multi-classifier are treated as evidence and combined under a certain combination rule to form the final mass function used for decision making. Owing to the self-learning and generalization ability of the generalized regression neural network and the ability of Dempster-Shafer theory to deal with ignorance and missing information, the proposed method can effectively recognize uncertain network data and thus significantly reduce the false alarm rate. The validity of the method is verified by computer simulation on the KDDCUP99 evaluation data set.
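The evidence-combination step of contribution (3), as an added illustration that is not code from the thesis. It assumes Dempster's rule as the combination rule, a hypothetical per-classifier `reliability` weight that sets the ignorance mass, a hypothetical `min_belief` alert threshold, and constructed scores standing in for real classifier outputs.

```python
from itertools import product

# Frame of discernment: normal traffic plus the four KDDCUP99 attack categories.
CLASSES = ("normal", "dos", "probe", "r2l", "u2r")
THETA = frozenset(CLASSES)  # mass on THETA means "cannot tell"

def to_bpa(scores, reliability):
    """Map one classifier's non-negative class scores to a basic probability
    assignment. Assumption: (1 - reliability) is held back as ignorance."""
    total = sum(scores.values())
    if total <= 0:
        return {THETA: 1.0}  # no opinion at all: total ignorance
    bpa = {frozenset([c]): reliability * s / total for c, s in scores.items() if s > 0}
    bpa[THETA] = 1.0 - reliability
    return bpa

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep non-empty intersections, and
    renormalise by 1 - K, where K is the mass that landed on the empty set."""
    joint, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            joint[inter] = joint.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {s: w / (1.0 - conflict) for s, w in joint.items()}, conflict

def decide(bpas, min_belief=0.7):
    """Fuse all sources; name a class only if its singleton mass reaches min_belief."""
    fused, conflicts = bpas[0], []
    for m in bpas[1:]:
        fused, k = combine(fused, m)
        conflicts.append(k)
    singles = [(next(iter(s)), w) for s, w in fused.items() if len(s) == 1]
    label, belief = max(singles, key=lambda x: x[1], default=("unknown", 0.0))
    return (label if belief >= min_belief else "uncertain"), belief, conflicts

# Constructed scores for two connection records, two classifiers each.
AGREE = [to_bpa({"dos": 0.9, "normal": 0.1}, 0.9), to_bpa({"dos": 0.8, "probe": 0.2}, 0.8)]
DISAGREE = [to_bpa({"normal": 0.6, "r2l": 0.4}, 0.6), to_bpa({"r2l": 0.5, "normal": 0.5}, 0.5)]

if __name__ == "__main__":
    print(decide(AGREE))     # sources agree: a class is named
    print(decide(DISAGREE))  # weak, split evidence: reported as uncertain
```

Records that come back as "uncertain" are the ones where neither classifier's evidence dominates; holding them back instead of forcing a class is how the ignorance mass can lower false alarms in this sketch.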
Keywords/Search Tags: Intrusion Detection, Information Gain, Negative selection algorithm, Generalized Regression Neural Network, D-S evidence theory