Hybrid Intelligent Model And Application To Intrusion Detection

Information security playes important role with the fast developments of networks, and up to date several techniques such as encryption/decryption, firewalls, and security policies have been implemented to protect data and systems. Particularly, intrusion detection system (IDS) has been presented to detect attacks that bypassed the prevention methods. This dissertation devotes to hybrid intelligent model based intrusion detection technique.The first part of the dissertation devotes to introduce the basic concept, detection procedure and current development tendency of intrusion detection. We give a brief review of the principle functions and classification of intrusion detection systems, together with the current reserche situation. Furthermore, the possibility of applying the hybrid intelligent models to intrusion detection is also discussed.In the second part, such divide and conquer method based hybrid intelligent models as prototypical neural network tree (NNTree), multiple objective optimization based interpretable and comprehensible NNTree, multi-templates matcher based NNTree, features self-organized learning based NNTree and R4-rule bsed NNTree are investigated. With the help of neural network tree, we designed a hybrid intelligent models based algorithm for detecting networks intrusions. The experimental results derived from DARPA'99 database indicate that the proposed scheme can act as available networks intrusion method and superior to single neural network based scheme.In the third part, echo state network tree (ESNTree) is constructed on the basis of deep investigations of recently presented echo state network which characterized by large number of neurons, recurrent pathways, sparse random connectivity, and local modification of synaptic weights, and classification ability of ESNTree is also analyzed in detail. Compared with the well-known schemes such as support vector machine (SVM) and data mining based intrusion detection techniques, experimental results from KDD'99 database indicate that the proposed scheme has superior properties with respect to detection rate and false alarm rate.