| Network-based Intrusion Detection System (NIDS) produces data about local network usage. The NIDS reassembles and analyzes all network packets that reach the network interface card operating in promiscuous mode. All the machines in a network segment benefit from the protection of the NIDS.The rough set theory and its extension model - variable precision rough set ~ address most important areas such as describing object sets by attribute values, reducing attribute descriptions, analysing attribute significance, generating decision rules. NIDSs need processing large amount of data at the same time and need real time responses,which be fully met by the rough set theories. So the combination of two can achieve a good result.This thesis presents a variable precision rough set based network intrusion detection system model. The model, which as well based on the Common Intrusion Detection Framework (CIDF), has 4 parts and each part has its own funtions.Then we disscuss the system flow and how an intrusion is collected, analysed and responded to. The detection module has 6 steps, in which the data collection and the data reduction are the essential ones in the detection module. In the data collecion we use winpcap as the tool to carry out the funcion. In the data reductive part we introduce the rough set and variable precison rough set theory as the main algorithms.We calculate the variable dependencies and likelihood between every attributes and generate a rule to make decision.In the last part we test the model's function by experimenting it in a small scale mimic networking environment. The study of the results indicates the correctness of this model and achieved a accuracy of 97.6%. At last we analyse the drawbacks of this model and discuss the further works. |
PDF Full Text Request