The Research On Intrusion Detection Method Based On Rough Set

With the development of computer networks and information technology, people use the internet more and more frequent which makes the network security issues become more crucial. As a crucial technology to protect the security of network system, intrusion detection has become a hotspot and an important direction of network security. As an new a mathematical tool , rough set provides a relatively complete set of learning methods in small samples. It could find the relationship between attributes in sample data set and filter out important attributes which reflect the essential relations between data. At the same time, it could get the minimum prediction rule sets effectively in accordance with the important attributes singled out previous which fits for real-time detection system. Therefore, the research on rough set theory in intrusion detection applications has an important meaning.The attribute reduction of rough set theory is a NP-hard problem, so how to obtain the minimum attribute reduction set quickly and accurately has become a hotspot in current research. This thesis presents an improved algorithm for attribute reduction,and uses a concept of weighted average importance of attributes as a heuristic function to guide the reduction process. The algorithm sorts attributes according to the weighted average importance, which ensuring that the most important attributes can be reduced firstly. Experimental results show that the algorithm can obtain the minimal relative reduction quickly and accurately. It also obtain a high detection efficiency in the process of dealing with intrusion detection data.Classical rough set theory has been introduced into intrusion detection research by some researchers. However, during the data preprocessing process, they disposed the numerical attribute using a discrete algorithm which will bring in inevitable losses of information and impact the detection results to some extent. This thesis presents an intrusion detection theory based on Neighborhood rough sets. As this method introduced the concept of neighborhood based on rough set theory, it is unnecessary discretizing the data which will bring information losses. Experimental results showed that the algorithm can get a higher detection rate and lower false alarm rate.