Research On Intrusion Detection System Based On Naive Bayes Classifiers

Posted on: 2011-10-11
Degree: Master
Type: Thesis
Country: China
Candidate: G Jin
GTID: 2178360305454377
Subject: Network and information security
Abstract/Summary:
As the Internet has spread, more and more people handle a variety of services online. This has been accompanied by rampant computer viruses and hacking incidents. In today's network-based information age, a firewall alone is no match for attacks from outside, let alone the many illegitimate incidents that originate inside the network, such as malicious destruction and unauthorized (ultra vires) actions by internal users. Protecting computers from attack and building a relatively secure network environment has become a top priority, and intrusion detection systems emerged to meet it, supported by a variety of technologies.

With the rapid development of Internet technology, the network environment is becoming increasingly complex. As attack methods grow more complex, intelligent and diverse, relying solely on static defense technologies such as firewalls can no longer ensure network security. Intrusion detection, as a proactive information security technology, can make up for the shortcomings of traditional protection technologies such as anti-virus software and firewalls. Intrusion detection methods fall into two types: anomaly detection and misuse detection. Data mining is an active research topic in artificial intelligence and databases; its goal is to reveal hidden, previously unknown and potentially valuable information from the large amounts of data held in databases. Combining data mining with traditional intrusion detection technology can effectively address defects such as a high false alarm rate and a high rate of missed detections.

Network attack tools are becoming more sophisticated, diverse and intelligent, and static defenses that rely solely on traditional operating system hardening and firewall technology can no longer meet network security needs.
Firewall technology can provide a system with authentication and access control mechanisms, and encryption mechanisms prevent unauthorized reading of information, but these are static defenses and cannot detect or prevent attacks from within the system. Intrusion detection is a dynamic security technology that can detect behavior that damages, or attempts to undermine, the confidentiality and availability of a system. It works mainly by monitoring system status, user behavior and resource usage, in order to detect attempts by outside intruders to exploit the system's security flaws as well as unauthorized actions by the system's own users.

Data mining is a knowledge discovery technique that uses a variety of analytical tools to find patterns and relationships in large amounts of data. Introducing data mining into intrusion detection can improve the intelligence, adaptability and scalability of intrusion detection systems.

This paper consists of three main parts.

The first part describes intrusion detection techniques and the basics of data mining. An intrusion detection system is a combination of intrusion detection software and hardware. It is used to identify illegal attacks on computer systems and networks or, more broadly, on information systems, including malicious attacks or probing by outside intruders and illegitimate use by internal users that goes beyond their legitimate rights. As a complement to traditional computer security, the development and application of intrusion detection systems extend the depth of network and system protection, and they have become a main tool and research direction for dynamic security. As vulnerabilities continue to be found and attacks continue to occur, intrusion detection systems play an increasingly important role in the overall security system.
This part covers the research background and development of intrusion detection technology, then introduces the concept, classification and standardization of intrusion detection systems. It then discusses the concept of data mining and several key algorithms, and studies the application of data mining to intrusion detection. We focus on the Bayesian classification algorithm. The Bayesian approach models the probabilistic relationship between a set of attributes and the class variable. Its features include: allowing predictions under uncertain hypotheses; determining the final probability of a hypothesis jointly from prior knowledge and observed instances; adaptive incremental learning; and prediction by weighting multiple hypotheses.

The second part introduces the ideas behind genetic algorithms, which mainly draw on the "survival of the fittest" rule of biological evolution. "Survival of the fittest" expresses a law of biological evolution: the groups best suited to the environment tend to produce more offspring. Natural selection, mutation and crossover, as found in the evolution of organisms, are used in computer programs to solve complex optimization problems. A genetic algorithm is a global random search algorithm that borrows the mechanisms of natural selection and natural genetics and simulates the evolution of organisms from lower to higher forms. Its main advantage is that the optimization process does not depend on gradient information and only requires that the objective function be computable; for complex optimization problems, the three genetic operators of selection, crossover and mutation are enough to obtain optimal solutions. Because of these significant advantages, genetic algorithms have been widely applied and studied.
A genetic algorithm simulates the natural process of biological evolution to solve extremum problems; it is a self-organizing, adaptive artificial intelligence technique and a kind of bionic optimization algorithm. Through selection, crossover and mutation it simulates natural selection, and each generation of the search finds the best individual. Using a genetic algorithm for feature selection can improve the speed and accuracy of the Bayesian classifier and avoids interference from redundant features in the classification process.

The third part designs a heuristic genetic algorithm. Although genetic algorithms have many advantages, they are also prone to premature convergence and stagnation, which trap the algorithm in a local optimum so that it cannot reach the global optimum, and which also make convergence particularly slow so that the search result does not improve. To overcome these shortcomings, we propose the following strategies: an elite preservation algorithm, an adaptive search algorithm and a state transfer algorithm. Elite preservation copies an individual directly into the next generation without mating it, so that elite individuals are not lost. The adaptive search algorithm dynamically adjusts the crossover probability and mutation probability according to the generation number, to balance local and global optimization. The state transfer algorithm moves between different states, enlarging and shrinking the search space in order to balance exploration and exploitation.

In this paper, a large number of experiments are run on the KDD99 data set. After several generations of optimization, the ASTGA-NB feature selection algorithm selects the optimal feature subset, and NB is then used to classify on that subset. After feature selection, the detection rate increases to some extent and the false positive rate is relatively lower.
The test results show that redundant features are gradually eliminated by the genetic algorithm. ASTGA and SGA were compared. In the early stage of evolution, ASTGA's convergence results are slightly worse. This is caused by ASTGA's state transfer algorithm: after discovering an individual with high fitness, ASTGA enters the local search state with a smaller crossover probability, which reduces the probability of the population discovering new individuals. In the later stage of evolution, ASTGA finds individuals with higher fitness faster than SGA, which ultimately improves the detection results.
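
The wrapper scheme described in the abstract, as an added example that is not code from the thesis: a genetic algorithm searches over feature masks, naive Bayes accuracy on a held-out split is the fitness, the best individual is copied unchanged into the next generation, and the crossover and mutation probabilities shrink with the generation number. The constructed data, the linear schedule, tournament selection and all function names are assumptions; ASTGA's state transfer step is not modeled because the abstract does not specify it.

```python
import math, random
from collections import Counter
from functools import partial

def nb_accuracy(train, test, mask):
    """Categorical naive Bayes (Laplace smoothing) over features where mask[i] == 1."""
    feats = [i for i, m in enumerate(mask) if m]
    if not feats:
        return 0.0
    prior = Counter(y for _, y in train)
    cond = Counter((i, x[i], y) for x, y in train for i in feats)
    values = {i: len({x[i] for x, _ in train}) for i in feats}
    def predict(x):
        def score(y):
            return math.log(prior[y]) + sum(
                math.log((cond[(i, x[i], y)] + 1) / (prior[y] + values[i])) for i in feats)
        return max(sorted(prior), key=score)
    return sum(predict(x) == y for x, y in test) / len(test)

def make_data(rng, n, n_noise=6):
    """Constructed records (not KDD99): features 0 and 1 carry signal, the rest are noise."""
    rows = []
    for _ in range(n):
        y = rng.choice(["normal", "attack"])
        f0 = rng.random() < (0.85 if y == "attack" else 0.15)
        f1 = rng.random() < (0.75 if y == "attack" else 0.25)
        rows.append(([int(f0), int(f1)] + [rng.randint(0, 2) for _ in range(n_noise)], y))
    return rows

def ga_select(train, test, n_feat, gens=15, pop_size=12, seed=1):
    rng = random.Random(seed)
    fit = partial(nb_accuracy, train, test)
    pop = [[1] * n_feat] + [[rng.randint(0, 1) for _ in range(n_feat)] for _ in range(pop_size - 1)]
    history = []
    for g in range(gens):
        pop.sort(key=fit, reverse=True)
        history.append(fit(pop[0]))
        # Assumed schedule: explore early (high pc, pm), exploit late (low pc, pm).
        t = g / max(1, gens - 1)
        pc, pm = 0.9 - 0.4 * t, 0.10 - 0.08 * t
        nxt = [pop[0][:]]  # elite preservation: best individual copied unchanged
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=fit) for _ in range(2))  # tournaments
            # cut == n_feat means no crossover: the child is a copy of parent a
            cut = rng.randrange(1, n_feat) if rng.random() < pc else n_feat
            child = a[:cut] + b[cut:]
            nxt.append([bit ^ (rng.random() < pm) for bit in child])  # bit-flip mutation
        pop = nxt
    best = max(pop, key=fit)
    return best, history + [fit(best)]
```

Because fitness here is measured on the same held-out split that selects the subset, a real evaluation should report the detection and false positive rates of the chosen subset on a third, untouched split.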
Keywords/Search Tags:Intrusion detection, anomaly detection, naive Bayesian classifier, genetic algorithm