The Research Of Intrusion Detection Technology Based On Artificial Neural Network

The growing demand for network services continually tows the development of network security technology. Currently as an active defense in the security protection technology, intrusion detection has been one of the hotspots of research in the field of network and information security. Because the traditional intrusion detection system (IDS) has some difficulties in updating the rule sets and establishing statistical model, there are high false alarm rate and false negative rate. It is especially difficult to detect the denial of service attacks. Therefore, in the development of new intrusion detection technology, joining the artificial neural network into the intrusion detection system is an important research direction.Aiming at the shortcoming of the traditional IDS in detecting denial of service attacks, the research of intrusion detection technology based on artificial neural network technology is evolved in this thesis. The major works are as follows.(1) On the basis of studying the working principle and the workflow of existing IDS, an intrusion detection method of denial of service attack based on artificial neural network is advanced. By adding time, connection status and service-related attributes in the features of detection, the intrusion detection based on network-packet-level can be accomplished.(2) An IDS based on artificial neural network is designed and implemented. At the same time, to fully play the predominance of the misuse detection and anomaly detection, a model that the neural network is integrated in Snort is designed. To further reduce the false alarm rate, a technology based on feedback detection is improved.(3) The realized system is tested. The training and test data are extracted from the standard intrusion detection off-line evaluation datasets. Different neural network technology are using in the contrastive experiments. The result of the experiment using RBF neural network is compared with the other results. This thesis has predominance in detecting DoS. And in the training using a large number of samples, RBF algorithm has better effect than BP algorithm.The results show that this system has higher detection rate and low false alarm rate in detecting the denial of service attacks, and has higher detection capabilities in detecting the unknown intrusion behavior. It is of importance in the research and engineering practice of intrusion detection.