The Application Of Anomaly Analysis In Network Intrusion Detection

Posted on: 2012-06-02
Degree: Master
Type: Thesis
Country: China
Candidate: W Cao
Full Text: PDF
GTID: 2178330338997707
Subject: Computer software and theory
Abstract/Summary:

With the continuing development of network technology, the problem of network security is becoming increasingly severe. As a proactive safety protection technology, anomaly detection intercepts and responds to an intrusion before the network system has been endangered, setting up a multi-level defense to protect the network, and it has received a lot of attention from researchers. Most current intrusion detection systems adopt expert-system or ex post analysis methods, which lack the capability of online, real-time intrusion detection. Anomaly analysis detects abnormal behaviors in a large amount of network information so that the corresponding safety protection measures can be adopted. Based on a study of the features and analysis of intrusion detection, this thesis focuses on anomaly detection technology in order to give a guideline for the design of an online network anomaly analysis model and system. The main contents are as follows:

① The importance of network anomaly detection is analyzed, and the TCP/IP protocol is analyzed with respect to the features of intrusion behaviors. Commonly seen network vulnerabilities and intrusion behaviors are also analyzed, and their features provide the data-characteristics basis for the anomaly analysis.

② Based on a study of current anomaly analysis technology, an unsupervised incremental anomaly analysis algorithm based on the local outlier factor is proposed, which improves the effectiveness of anomaly detection and reduces its false rate. Based on this algorithm, an anomaly analysis detection model is designed that implements online, real-time detection of anomalous behavior, so that such behavior is discovered as early as possible and security measures can be taken.

③ Under the Linux operating system, a prototype system is implemented using the open-source Libpcap function library. The prototype system carries out real-time statistical analysis of network traffic features and detects anomalous network behaviors in real time. The effectiveness and correctness of the network anomaly analysis model are tested and verified through experiments.

Keywords/Search Tags: anomaly detection, data mining, local outlier factor, intrusion detection