Research Of Intrusion Detection Based On Chaos Synchronization And Relevance Vector Machine (rvm)

Intrusion detection technology is an important research branch in the field of network information security. With the widespread use of Internet, network hackers increase frequently which lead to the increasing of attack methods. Network intrusion detection technology has become a hot point of computer network security research. The research staff has to do deepened research work. Intrusion Detection System is an active defense system, and it can make real-time reaction to new intruding events, based on the behavior and feature of former intruding signals. Intrusion Detection System is an important complement to firewalls. This paper presents two new intrusion detection algorithms, which make greatly improved in detection efficiency and detection accuracy.Current intrusion detection systems based on linear ARMA model have been used in many fields. A new detection method based on chaos synchronization has been introduced in this paper. The network flow can be modeled by using GMM combined with EM algorithm, and then the three parameter vectors can be estimated. Take the difference between normal flow data and data for detection as Liu chaos synchronization's control measure, when it has intrusion signals, the wave plot would be oscillating, which is the feature of intrusion. When selecting the suitable threshold, the intrusion signals can be detected accurately. According to the simulations based on the DARPA datasets of MIT Lincoln Lab and the comparisons with the Intrusion Detection System (IDS) based on autoregressive moving average (ARMA) model, the results show that the detective probabilities are higher and the false alarm rates are lower by using this proposed method.Compared with SVM (Support Vector Machine) non-linear detection methods, this paper introduces RVM (Relevance Vector Machine) algorithm which based on probability theory to do the network signal detection. First, I apply the"feature deduction"method to rate the 42 features in the DARPA dataset, and then select the important features and unimportant features according to different attack types, thus demonstrating that using only the important features in IDS can effectively increase the detection rate and decrease the false alarm rate and detecting time. After simulation, RVM can get a similar detection results as SVM, but the RVM detection speed of could be much higher and can get better detection efficiency.According to the analysis and comparison, this paper proposes two new methods such as chaos synchronization technology and RVM technology in intrusion detection systems. The simulation result shows that both methods in the system model has a better detection result than existing methods and can achieve basic practical criteria.