The Feature Generating Technology Based On Genetic Algorithms And Its Applications

As the kernel technique among Network Security technologies, Intrusion Detection has been developed enormously. With the higher bandwidth and new attacks emerging in endlessly, the traditional detection systems, which are based on detection rules constructed manually by expers of information security, has been not able to adapt the current requirement of Network because of its low efficiency, low accuracy and slow update-speed of rules.In this thesis, based on the study and analysis of the limitation of existing IDSs (Intrusion Detection Systems), we proposed a new approach to generating optimum detection rules based on extension matrix and Genetic Algorithm ( GA) theory and a grading-detection model based on fast pattern matching.The accuracy and generalization of detection rules are two key factors for IDS. In this thesis, taking the data set KDD99 as the experimental object, the mathematical model of rule generation was built, the selection of the optimum feature subset is achieved using extension matrix theory and Genetic Algorithms, the extraction and optimization of attack rules are achieved using Genetic Algorithms, thereby this method actualize resultful disposal of volume data. The experiment results show that the rules generated by our method are simple and can reflect characters of problems, its detection effect indicates that it is superior to other approaches and more adaptable to the requirement of detection under high-speed Network condition.In order to improve the performance of IDSs further, a grading-detection model based on last pattern matching was designed in this thesis, the detailed flow and experiment result of fuzzy detection rules accurate detection rules are presented according to the optimum rules generating method, the fuzzy detection rules generated accomplish the function of elementary filtrateion and the exact decision are accomplished by the accurate detection rules, effectual disposal and analysis of the data set are achieved through combing the two kinds of rules. At last each function module of detection model are designed and analysed briefly, and a simple distributed cooperative IDS is designed and deployed.