
Research And Improvement Of DIDS Data Analysis Based On Teaching Network

Posted on: 2011-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Liu
GTID: 2178330332958153
Subject: Computer application technology
Abstract/Summary:

Networks are used everywhere today, and the problem of network security grows more serious day by day. The Intrusion Detection System (IDS) has become the second line of security after the firewall, and network security relies on the protection of IDS, but false alarms and missed alarms are a serious problem in IDS: to some extent the system cannot intercept modified attacks, and it has no choice but to let some new attacks pass. The data analysis of IDS cannot identify and intercept new attacks, so it needs to be improved and enhanced.

Data analysis is important in IDS and has a direct bearing on the level of IDS performance. For instance, the pattern matching algorithm has low efficiency and a high omission rate, and it takes a long time to detect attacks. When pattern matching is combined with protocol analysis in IDS, detection efficiency improves, but it still cannot meet the requirements of network security, so it needs further improvement.

This thesis mainly covers the following points:

(1) A study of network attack technology and hacker technology gives a deeper understanding of attack attributes, and the analysis of these attributes lays a theoretical foundation for improving data analysis.

(2) An analysis of the Genetic Algorithm (GA). Based on the principle of genetic evolution and a heuristic search of the space of network attributes, a self-learning method for intrusion rules is proposed. The new algorithm selects the good attributes, and new rules are then generated from them. It can detect modified viruses, and efficiency increases. The decision tree algorithm is improved as well. To address the ID3 algorithm's flaw of favoring attributes with more values, the information gain formula is improved. The decision tree built with the new algorithm is simpler, and new rules containing the main attributes are generated at the same time, so detection improves and the false alarm rate and omission rate decrease.

(3) Each functional module of the data analysis module is designed and implemented: the protocol analysis module, the session tracking module, the fragmented packet and decoding module, and finally the preventing yellow pages module, which is designed for network teaching. In addition, experimental environments were deployed in the lab, and the experiments confirmed the efficiency of the algorithm improvements.
Keywords/Search Tags: intrusion detection, data analysis, genetic algorithm, protocol analysis, decision tree, preventing yellow page