Research Of Intrusion Detection Discuss Method Based On Inverse Cloud Theory

The problem exists in the present Intrusion Detection Systems (IDS) that bears simple judgment and can not assist the system to assure the normal services. The Cloud Theory proposed by Li De-yi and IDS are combined to construct the map between the qualitative concept knowledge and the quantitative data. The mathematical transformation between the qualitative and quantitative descriptions in IDS is realized by employing the qualitative description of individual performance state with the inverse cloud generator and the positive. On this basis, an IDS method based on the data-mining and inverse cloud generator is proposed. The data preprocessing is the key of intrusion detection, so the data with high quality can only imply finer detection effect. The inverse cloud generator is used for preprocessing data in this paper. It can eliminate the data with lower quality for further optimization.The partition of discrete numerical value intervals is the basis for constructing the qualitative estimation cloud generator and the premise of applying the cloud theory in the IDS. On the basis of discussing the IDS, inverse cloud theory and data-mining, for computing the local outlier coefficient of each data preprocessed by the inverse cloud generator, a new method for partitioning the discrete numerical value intervals is proposed, i.e., the method of local outlier coefficient wave (LOCW). This method does not change the distribution of original data and has the characteristic the data congregate in same interval and evacuate between different intervals. The experiments proved the performance of the method.For qualitatively describing the possibility of system intrusion, a new method based on multi-sensor weighted average amalgamation method and LOCW is proposed. Under ideal condition, using the amalgamation method of multi-sensor weighted average to calculate the weight of systematic main performance index and weighted combining all values of individual performance indexes can imply synthetically ideal estimation. The characteristic values acquired by using the inverse cloud generator to process data again on the basis LOCW can be used to construct the qualitative estimation cloud generator by the positive cloud generator. By qualitative description of possibility for the present intrusion detection occurrence, one method based on data-mining and inverse cloud generator for intrusion detection is realized. Its performance is proved by the experiment results.