
Research On Intrusion Detection Classification Algorithm

Posted on: 2008-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: J F Zhang
GTID: 2178360242958969
Subject: Computer application technology

Abstract/Summary:
Intrusion detection is used to detect and identify attacks on computer systems, network systems and more extensive information systems, or to detect events that violate security policies. An intrusion detection system collects data from a computer system or network and then analyzes it. If any suspected attack behaviors or anomalous events are found, responses that intercept the attacks can be chosen to reduce potential loss. Research on network intrusion detection systems has become a hot issue in the domain of computer network security. The core of building a network intrusion detection system is modeling normal behaviors or abnormal behaviors.

This thesis analyzes several classification algorithms in depth with respect to each algorithm's basic idea, data storage structure and execution efficiency. Compared with other classic classification algorithms, the decision tree algorithm has a higher classification accuracy rate, but it has some shortcomings when used to build an intrusion detection system model. This thesis proposes a technique to generate fuzzy classifiers that can detect anomalies and some specific intrusions.

Most network events are time-related, and choosing some of these features for building the decision tree classifier helps improve the model's detection accuracy. These numeric features are continuous; if a decision tree is mined directly from numeric features, the flexibility and adaptability of the model are reduced. What is more, numeric features occupy most of the storage space, and the classic decision tree algorithm spends more time scanning the data set again and again. Network security events are fuzzy in nature. An abrupt separation between normal and abnormal behaviors is not reasonable; a smooth transition is. As a solution, fuzzy logic is introduced to achieve the smooth transition.

Every continuous feature in the network connection records is divided into several fuzzy sets, each of which has a corresponding membership function. These numeric features are then represented by a set of membership degrees. Finally, the fuzzy decision tree evolves two rules, one for the normal class and the other for the abnormal class. The main problem with this approach is generating good fuzzy classifiers to detect intrusions.

In general, this thesis proposes a technique to generate classifiers using a fuzzy decision tree that can detect anomalies. Theoretical analysis and simulation experiments demonstrate that the proposed model is practically applicable to detecting abnormal behaviors. Furthermore, its simple behavior pattern and lower false positive rates verify the better detection efficiency and higher performance of the model, which benefits from the introduction of fuzzy logic.
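The fuzzification step and the two class rules described in the abstract, as an added Python illustration that is not code from the thesis. The feature names (conn_count, error_rate), the membership breakpoints and the tree shape are assumptions chosen for the example.

```python
# Added illustration; feature names, breakpoints and tree shape are assumptions.
def rising(x, lo, hi):
    """Membership that is 0 below lo, 1 above hi, linear in between."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)

def falling(x, lo, hi):
    return 1.0 - rising(x, lo, hi)

def triangle(x, lo, peak, hi):
    return min(rising(x, lo, peak), falling(x, peak, hi))

# Each continuous feature is divided into fuzzy sets with a membership function.
FUZZY_SETS = {
    "conn_count": {
        "low": lambda x: falling(x, 10, 30),
        "medium": lambda x: triangle(x, 10, 30, 50),
        "high": lambda x: rising(x, 30, 50),
    },
    "error_rate": {
        "low": lambda x: falling(x, 0.2, 0.6),
        "high": lambda x: rising(x, 0.2, 0.6),
    },
}

# One rule per class; each rule is the set of root-to-leaf paths for that class.
RULES = {
    "normal": [[("conn_count", "low")],
               [("conn_count", "medium"), ("error_rate", "low")]],
    "abnormal": [[("conn_count", "high")],
                 [("conn_count", "medium"), ("error_rate", "high")]],
}

def fuzzify(record):
    """Replace each numeric value with its membership degree in every fuzzy set."""
    return {f: {name: mu(record[f]) for name, mu in sets.items()}
            for f, sets in FUZZY_SETS.items()}

def classify(record):
    """Path strength = min of its degrees (AND); class score = max over paths (OR)."""
    degrees = fuzzify(record)
    scores = {cls: max(min(degrees[f][s] for f, s in path) for path in paths)
              for cls, paths in RULES.items()}
    return max(scores, key=scores.get), scores
# Constructed sample: just past a crisp 30-connection cut-off, the scores barely move.
SAMPLE = {"conn_count": 31, "error_rate": 0.4}
```

A crisp split at 30 connections would flip the branch between 29 and 31; here the class scores for those two records are nearly identical, which is the smooth transition the abstract argues for.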
Keywords/Search Tags:intrusion detection system, decision tree, fuzzy logic, fuzzy decision tree