
Research And Implementation Of Intrusion Detection Classifier Model Of Hybrid Intrusion Detection System

Posted on: 2008-08-03
Degree: Master
Type: Thesis
Country: China
Candidate: Z S Gao
Full Text: PDF
GTID: 2178360215497639
Subject: Computer application technology
Abstract/Summary:
Intrusion Detection (ID) is a dynamic security protection technology that can address issues which traditional technologies such as firewalls and access control cannot handle. Conventional intrusion detection, however, lacks adaptability and efficiency. To improve its detection ability, researchers have applied Immunological Principle and Data Mining to intrusion detection, giving rise to ID based on Data Mining and ID based on Immunological Principle.

This thesis first introduces the background and development of intrusion detection research, details the concept and theory of the Intrusion Detection System (IDS), and compares the advantages and disadvantages of each kind of detection technology. It then analyses intrusion detection based on Immunological Principle and intrusion detection based on Data Mining, and thoroughly discusses the weight tree algorithm and the decision tree algorithm used in these two kinds of technology.

Based on this research, the thesis designs and implements an intrusion detection classifier model based on Immunological Principle and an intrusion detection classifier model based on Data Mining. The former adopts the weight tree algorithm to build a weight tree forest that reflects a process's normal system call behavior, then detects the process's abnormal behavior according to this weight tree forest; this classifier can be applied to a host-based anomaly IDS. The latter adopts the decision tree algorithm to build a decision tree that reflects the characteristics of intrusion attacks, then uses the intrusion detection rules derived from the decision tree to detect intrusions on the network; this classifier can be applied to a network-based misuse IDS. The validity of both models for intrusion detection has been proved by experiment.

In the thesis, the two classifier models are to be applied to a hybrid intrusion detection system, which will communicate and collaborate with a honeypot system and a firewall system to constitute a complete network security system.
Keywords/Search Tags:Hybrid Intrusion Detection System, Data Mining, Immunological Principle, system call, decision tree algorithm, weight tree algorithm, classifier