Research Of Techniques For Feature Extraction And Ensemble Learning In Intelligent Intrusion Detection

With the rapid development of Internet, hackers' attacks are becoming more and more severe, thus Internet security defense is doomed to be a serious concern. It is estimated that a single hacker incident takes place every 20 seconds, just within U.S.A and the total economic loss caused by such attacks amounts to more than one thousand billion U.S dollars in a year. Internet security has been a focus of modern social concern. For the time being, Internet security technology includes intrusion detection technology, fire walls, security routers and so on. And among them, intrusion detection systems (IDSs) have relatively better identifying ability against various sorts of intrusions so IDS turns to be a main part of the P2DR (policy, protection, detection, response) security model.From Anderson's intrusion detection conception model in 1980s and SRI corporation's designing and successful achievements of the famous IDES to nowadays' IDS products, although intrusion detection technology has made great progresses, it still has some defects and disadvantages such as low detection rate for novel attacks, high frequency of false alarms, etc. To solve this difficult problems in intrusion detection, machine learning and data mining techniques in intelligent IDSs has become a hot topic in the literature. This dissertation focuses on the feature extraction and automatic data classification based on machine learning in intelligent IDSs and makes some preliminary progresses in the following aspects:1. Feature extraction methods based on Principle Component Analysis (PCA) and Kernel Principle Component Analysis (KPCA) are studied. Large amounts of experiments for intrusion detection with the KDDCUP99 dataset are conducted, and the results demonstrate that the data dimension using KPCA is a half of that using PCA and the detection rate of KPCA is improved by 3 percent.2. The existing problems in intelligent intrusion detection systems are discussed and an intrusion detection model based on ensemble learning is proposed. This model selects a group of neural networks using genetic algorithm and experiments show that using the ensemble learning method, the detection rate is better than that of using any individual networks.3. A system architecture based on ensemble learning is designed for intelligent intrusion detection systems so that higher detection rate and learning efficiency can be obtained by using...