
Research On Intelligent Network Intrusion Detection Method

Posted on: 2010-03-24
Degree: Master
Type: Thesis
Country: China
Candidate: S J Liu
Full Text: PDF
GTID: 2178360275499978
Subject: Computer application technology
Abstract/Summary:

With the development of the Internet, computer security has become indispensable, and intrusion detection systems (IDS) have become a hot topic in recent years. Anomaly detection can statistically identify unknown attacks that are inconsistent with previously known normal behavior. Currently, anomaly detection is developing slowly and has defects such as a high false alarm rate. The main technical difficulties are as follows. First, it is hard to establish a model of normal network behavior. Training with a large number of samples can increase the recognition ability of the model, but at the price of a great deal of time and reduced real-time performance. Second, it is necessary to eliminate noise from network data, which is changeable, heterogeneous and high-dimensional. Filtering and analyzing such noisy data well is important to an NIDS.

Based on a systematic summary of relevant work on intrusion detection, this dissertation focuses on the theory of intrusion detection methods and puts forward a model of an anomaly detection method. It applies intelligent algorithms for classification, evolutionary computation and data compression to establish a model of an intelligent intrusion detection method, and obtains results on several sub-topics. The major contributions of this dissertation are as follows:

1. This dissertation proposes an intelligent intrusion detection method based on the Support Vector Machine (SVM). Intrusion detection is in essence a nonlinear classification problem. SVM solves it through multi-constraint optimization, finding a decision function that classifies network behaviors. SVM needs only a small training set, overcoming a shortcoming of traditional statistical learning methods. It finds a global minimum of the upper bound on the actual risk using structural risk minimization, and the model trained by SVM has good generalization ability.

2. This dissertation proposes an improved BPSO-SVM algorithm to optimize the parameters of the SVM. The values of parameters, such as those of the kernel function, are vital to the efficiency of SVM. The improved BPSO-SVM algorithm solves that problem and increases the accuracy of detection.

3. This dissertation adopts Rough Sets Theory (RST) to reduce datasets. In order to classify attacks, an IDS deals with a huge amount of data, including redundant and noisy attributes. Hence, Attribute Reduction (AR) is necessary to select a candidate subset of attributes and so shorten the training time of the SVM. RST reduces the attribute space while maintaining the classification ability of the datasets, improving the real-time performance of detection. Meanwhile, the remaining key attributes of the data are useful for analyzing the characteristics of different types of attacks.
Keywords/Search Tags: NIDS, RST, BPSO, SVM