The Research On PSO-Based Rule Extraction Algorithm For Intrusion Detection

Intrusion Detection System as a proactive security technology, provides real-time protection against internal attacks, external attacks and misoperation. This paper describes the concept, structure, classification of intrusion detection system and the latest intrusion detection technology, in which the expert system based on misuse detection is the most mature and most commonly used detection techniques. But it is difficult to handle manually to extract the corresponding rules from huge amounts of data, then a variety of machine-aided methods have been proposed.PSO(Particle Swarm Optimization– PSO)algorithm is a new kind of evolutionary algorithms developed in recent years, which is similar to genetic algorithm, starting from a random solution, to find the optimal solution through iteration and evaluate the quality of solutions with the fitness. But it is more simple than genetic algorithm which does not have crossover and mutation operation. It finds the the global best value through following the current best value. Particle Swarm Optimization Applications in all fields have a large number of studies, but in the area of intrusion detection is extremely rare. Therefore, this paper presents a new intrusion detection rule extraction algorithm based on the PSO to generate high-quality rule base aided by machine.The algorithm is different from the previous PSO-based rule extraction algorithm for the IDS in the following two aspects:1)The introduction of the latest quantum-behaviored particle swarm optimization (QSPO), whose global search performance is far superior to the general PSO algorithm. QPSO can effectively overcome lost into a local optimal solution and improve the quality of search results, that is to get better rule base, which has been proved in the paper.2)Proposing a new fitness function suitable for the actual situation of the intrusion detection system. In the past, the extraction algorithms also take into account lowering the false alarm rate, but the idea didn't focus on fitness function design. The algorithm proposes a new function which can select rules with higher quality in the rule extraction process and the effect has been proved in the experiment.