
Research On Protocol Analysis Based On Decision Tree In Intrusion Detection

Posted on: 2007-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Fu
Full Text: PDF
GTID: 2178360182483763
Subject: Systems Engineering

Abstract/Summary:
With the progress of networking, security problems have become more and more important. However, the traditional security device, the firewall, is unable to defend the network alone. The intrusion detection system (IDS) plays an important role in supporting the firewall. Simple pattern matching technology is used in most IDS products, but it suffers from low efficiency and a high false alarm rate. To solve this problem, the thesis puts forward the idea of using a decision tree to realize an intrusion detection system based on protocol analysis. Protocol analysis technology is used to narrow the search space to a single area according to the regularity of the protocols. The predictive ability of the decision tree model constructed by the decision tree method is then used. In other words, the decision tree method and protocol analysis technology are combined to realize intrusion detection. The thesis explores application layer protocol analysis technology and the use of the decision tree method to construct an intrusion detection model. The process of intrusion detection is realized by traversing the decision tree. Finally, the thesis proves the higher accuracy and higher efficiency of the method through experiments.

The thesis is divided into four parts. The first part discusses the background of intrusion detection research, the categories and development of intrusion detection, the latest research at home and abroad, and the existing problems in intrusion detection. Then the objectives and methods are described. In the second part, the implementation of protocol analysis is described in detail. First, the preprocessing module is introduced. Then the protocols of the application layer are analyzed specifically. Finally, some attributes based on statistics are given. In the third part, the concrete process of using a decision tree to realize intrusion detection based on protocol analysis is described. It includes the structure and construction process of the intrusion detection decision tree and the detection process that uses the decision tree. In the fourth part, the architecture of the IDS is presented first. Then the experiments prove that the system has high detection efficacy, detection accuracy and usability.
Keywords/Search Tags:Intrusion Detection, Protocol Analysis, Decision Tree