Research On Intrusion Detection System Based On Protocol Analysis And SVM Multi-Classification

Posted on: 2012-01-02
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Lin
GTID: 2178330338492279
Subject: Computer application technology

Abstract/Summary:
The rapid development and widespread use of the Internet have brought great convenience, but they have also opened the door to hackers and created a huge security risk. With the number of attacks growing, identifying a variety of attacks quickly, accurately and effectively is a pressing problem, and a new intrusion detection method is urgently needed to deal with the serious network security issues we face. Intrusion detection can essentially be described as classifying sample data as correctly as possible, for which the key issues are feature selection and the choice of pattern recognition method.

In order to design a new type of network intrusion detection system, this paper studies intrusion detection techniques, protocol analysis in intrusion detection, the SVM (Support Vector Machine) technique, and the fusion of SVM multi-classification. Protocol analysis and SVM classification are two popular techniques used in intrusion detection. Protocol analysis can be used to reassemble fragmented packets and analyze the true meaning of packet data, and the SVM pattern recognition method can be used to learn the characteristics of normal packets and attack packets in order to construct an SVM classifier. This article proposes a new intrusion detection model, based on protocol analysis and a combination of SVM classifiers, which combines the advantages of the two techniques.

The idea of this model is to process the packets intercepted from the network using protocol analysis techniques, which classify the packets according to their protocol fields, extract protocol features and content features, and compute flow statistics features. SVM classifiers are then trained on the sample dataset obtained from this processing, so that each classifier can identify an attack. The trained classifiers are then combined according to fusion strategies to inspect the packets passing through, distinguishing between normal packets and attack packets, so that intrusion behavior is detected promptly and the network administrators are notified and can respond accordingly.

In this paper, the KDD Cup 99 data sets and the SPSS Clementine software are used to simulate and test the model, and the test results show that the proposed method can improve the efficiency of intrusion detection and effectively reduce the false negative rate.
Keywords/Search Tags: Intrusion Detection, Protocol Analysis, Support Vector Machine, SVM Multi-Classification, Pattern Recognition