Research Of Feature Extraction Method And Realization In Intrusion Detection System

Posted on: 2008-04-13
Degree: Master
Type: Thesis
Country: China
Candidate: W F Liu
GTID: 2178360242964810
Subject: Computer applications

Abstract/Summary:
With the rapid development of the Internet, hackers' attacks are becoming more and more severe, so Internet security defense is bound to be a serious concern. It is estimated that a hacker incident takes place every 20 seconds within the U.S.A. alone, and that the total economic loss caused by such attacks amounts to more than one thousand billion U.S. dollars a year. Internet security has become a focus of modern social concern. At present, Internet security technology includes intrusion detection technology, firewalls, security routers and so on. Among them, intrusion detection systems (IDSs) have a relatively better ability to identify various sorts of intrusions, so the IDS has become a main part of the P2DR (Policy, Protection, Detection, Response) security model.

From Anderson's conceptual model of intrusion detection in the 1980s and SRI's design and successful realization of the famous IDES to today's IDS products, intrusion detection technology has made great progress, but it still has defects and disadvantages such as a low detection rate for novel attacks and a high frequency of false alarms. To solve this difficult problem in intrusion detection, the use of machine learning and data mining techniques in intelligent IDSs has become a hot topic in the literature. This dissertation focuses on feature extraction and automatic data classification based on machine learning in intelligent IDSs.

1. Feature extraction methods based on Principal Component Analysis (PCA) and Kernel Principal Component Analysis (KPCA) are studied. A large number of intrusion detection experiments are conducted with the KDD-CUP99 dataset, and the results demonstrate that the data dimension using KPCA is half of that using PCA and that the detection rate of KPCA is improved by 3 percent.

2. The problems of intelligent intrusion detection are studied, and data mining is adopted in the intrusion detection system. The principles of the Apriori algorithm and CAEP are presented, and these methods are validated for feature extraction in intrusion detection. In combination with the ORACLE9i data mining engine, the dissertation analyzes how the engine builds several kinds of basic mathematical models for classification, prediction and association, as well as how to access the building and scoring functions of these models through Java-based APIs.

3. A system architecture based on data mining and ensemble learning is designed for intelligent intrusion detection systems, so that a higher detection rate and learning efficiency can be obtained by using the self-learning function in neural networks.

Keywords/Search Tags: Intrusion Detection, Principal Component Analysis, Kernel Principal Component Analysis, Data Mining, Apriori Algorithm