
Research On Intrusion Detection Algorithm Based On Bayesian MARS

Posted on: 2008-10-28; Degree: Master; Type: Thesis
Country: China; Candidate: S Zhang; Full Text: PDF
GTID: 2178360215459297; Subject: Computer application technology
Abstract/Summary:
With the development of computer networks and global informatization, the security of computer networks has become an important problem. A technology that detects intrusions and protects systems from them is therefore needed; this is known as intrusion detection technology. The thesis first introduces the concepts, classifications and development status of intrusion detection systems. It then studies and analyzes in detail the characteristics and extraction methods of the system calls of privileged processes. Because the threat posed to a system by the system calls of privileged processes is significant, and because system call behavior is regular and can be monitored in real time, the system call sequences of privileged processes can be used as feature data for an intrusion detection algorithm. To address the weak classification ability, heavy computation and poor real-time performance of existing intrusion detection systems, a technique based on Bayesian multivariate adaptive regression splines is used to classify the feature data. In this method, MARS (Multivariate Adaptive Regression Splines) serves as the discriminant function for classification, and the MARS parameters are determined by a Bayesian learning algorithm and a Markov chain Monte Carlo algorithm. Compared with traditional deterministic learning algorithms, this stochastic learning algorithm improves robustness while keeping the accuracy of parameter estimation. Accurate MARS parameters guarantee a high recognition rate. A number of experiments verify that combining privileged processes with Bayesian MARS gives better intrusion detection results. The simulated implementation of the algorithm and the experimental results are given at the end of the thesis.
Keywords/Search Tags:intrusion detection, system call sequence, multivariate adaptive regression splines, Bayesian learning, Markov chain Monte Carlo