Research On IDS Based On Rough Set

With the gradual development of the computer network and attack technique, the traditional security technique has not been sufficient for the requirement of network security. Intrusion detection as a sort of initiative security technology can detect the intrusion not only from out but also from in, and it is an important complement to firewalls. Currently, there have been a lot of research results in the field of intrusion detection, but these results can not effectively detect the newest attack, and also cannot build accurate models for normal users' activities, existing high false positive rate and false negative rate which are the currently urgent problems to be solved when detecting the intrusion.This article analyses the advantages and disadvantages existing in the current intrusion detection. On this base, fuzzy-rough set theory and Probabilistic rough set theory are respectively applicable to intrusion detection techniques. And the innovations are made as follows:(1) An intrusion detection method based on ICA and fuzzy-rough set model has been put forward, which adopts ICA algorithm to distill the collected statistics according to the characteristics before the analysis of network data in order to eliminate redundant attributes to lower dimensions. And then fuzzy-rough set model can be used to analyze data, so the problems brought by the incompleteness of network data to the intrusion detection have been settled.(2) An incremental rule learning algorithm based on probabilistic rough set model has been put forward and is applied to the distillation of intrusion detection principles, which resolves the principles distillation problems arising in inconsistent decision-making form. And also a regular dynamic renovation strategy has been brought forward and solved the updating problems when principles were in use. In the end, the two detection methods above have been respectively validated through emulating experiments which compared the experiment results with the same methods, and tested the validity of detection methods proposed in this article in aspects of improving detection rate, lowering false positive rate and false negative rate.