
Research of Key Technology of Anomaly Network Intrusion Detection Based on SVM

Posted on: 2009-05-05
Degree: Master
Type: Thesis
Country: China
Candidate: N N Zhang
GTID: 2198360272961044
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer network applications and technology, a growing number of people are concerned with information security. As a proactive information security measure, intrusion detection has become a hot spot of network security technology in recent years, and intrusion detection systems built on it have been continuously developed and applied. However, because network attacks have become more diverse, intelligent and complex, intrusion detection systems still suffer from high false-positive rates and high missed-detection rates. In particular, they need large or complete audit data sets to achieve satisfactory performance and spend a long time in training, so it is necessary to extract the characteristics of the training data properly so that intrusion detection works in the small-sample case. The support vector machine (SVM) is a good choice for such problems. It is a machine learning method with a rigorous theoretical foundation that can handle small-sample, non-linear and high-dimensional problems, and its application to intrusion detection has become an active research topic.

To improve the performance of intrusion detection systems, that is, to raise detection rates and reduce false-positive and omission rates, this paper does a substantial amount of work on support vector machines and on intrusion detection test data sets.

The paper analyzes and designs a network anomaly detection system based on SVM. By extending the original IDES model, it proposes an intrusion detection system model based on SVM, describes the function of each part, and proposes an anomaly detection classifier based on the SVM model.

In most environments where intrusion detection systems are deployed, only "normal" data is available. We consider how to establish a normal pattern from such data and then compare it with the current system or user behavior to determine the extent of deviation from the normal pattern. This can be cast as a one-class SVM (OCSVM) problem, which needs only "normal" data to design a classifier that decides which class the current sample belongs to. The paper introduces the idea of one-class SVMs and studies, through experiments on the KDD99 data set, the parameters of the dual problem and the kernel function and their influence on the generalization of OCSVM. The experiments suggest that OCSVM is practical and generalizes well.

In addition, new kinds of intrusion keep emerging in practice, so it is impossible to define a complete training set. We therefore want the intrusion detection system to improve its learning accuracy as it keeps learning, which is the idea of incremental learning. Combining an analysis of existing incremental algorithms with the role of the KKT conditions in the incremental process, the paper proposes an improved incremental OCSVM algorithm. The algorithm lets the OCSVM anomaly detection classifier keep learning incrementally from new network data while limiting the size of the training set and shortening training time. The experiments suggest that the incremental approach improves the classification results. The real-time training process turns the OCSVM-based intrusion detection system into a real-time system that is more in line with practical requirements.

As network speeds increase, intrusion detection systems face increasingly serious problems: low detection rates, high load, and an inability to handle massive volumes of network data. One of the main reasons for the excessive slowdown is that too many data features need to be processed, and many researchers address this through feature selection. The paper does a substantial amount of work on how feature selection on the test data set, KDD99, affects system performance. It analyzes the necessity of feature selection on data sets for intrusion detection. Guided by the "information gain" concept from information theory, it establishes a mathematical model of feature selection, studies existing feature selection strategies, and derives a feature selection method for the KDD99 data set. The experiments suggest that the feature selection method improves the system's performance to some extent.
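
Added example, not code from the thesis: an information-gain ranking of the kind the abstract describes, run on constructed records that use KDD99-style field names. The bin edges, the selection threshold and all function names are assumptions; the thesis's own mathematical model is not given on this page.

```python
import math
from collections import Counter, defaultdict

FIELDS = ("protocol_type", "service", "flag", "src_bytes", "label")
# Constructed sample records (KDD99-style field names, invented values).
RAW = [
    ("tcp", "http",     "SF", 215,  "normal"),
    ("tcp", "http",     "SF", 1500, "normal"),
    ("udp", "domain_u", "SF", 45,   "normal"),
    ("udp", "domain_u", "SF", 44,   "normal"),
    ("tcp", "private",  "S0", 0,    "attack"),
    ("tcp", "private",  "S0", 0,    "attack"),
    ("tcp", "private",  "S0", 0,    "attack"),
    ("udp", "domain_u", "SF", 28,   "attack"),
]

def bin_bytes(n):
    """Discretize a continuous byte count; the bin edges are an assumption."""
    return "zero" if n == 0 else "small" if n < 1000 else "large"

def load(raw=RAW):
    """Turn raw tuples into dicts and replace src_bytes with its bin."""
    rows = [dict(zip(FIELDS, r)) for r in raw]
    for r in rows:
        r["src_bytes"] = bin_bytes(r["src_bytes"])
    return rows

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(rows, feature, target="label"):
    """IG(target; feature) = H(target) - H(target | feature)."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[feature]].append(r[target])
    cond = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[target] for r in rows]) - cond

def rank_features(rows, features):
    """Features sorted by information gain, highest first."""
    scored = [(f, information_gain(rows, f)) for f in features]
    return sorted(scored, key=lambda fs: fs[1], reverse=True)

def select_features(rows, features, threshold):
    """Keep features whose gain exceeds threshold (threshold is an assumption)."""
    return [f for f, g in rank_features(rows, features) if g > threshold]

if __name__ == "__main__":
    for name, gain in rank_features(load(), FIELDS[:-1]):
        print(f"{name:14s} {gain:.4f}")
```

Information gain favours features with many distinct values (here `service`), so a ranking like this is usually checked against classifier accuracy on the reduced feature set before features are dropped.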
Keywords/Search Tags: intrusion detection, SVM, OCSVM, feature selection