
Research On Dual Intrusion Detection Technology Based On

Posted on: 2016-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: D Xu
Full Text: PDF
GTID: 2208330470950507
Subject: Computer application technology
Abstract/Summary:
With the diversification and growth of computer crime, computer forensics provides an important basis for combating crime. Intrusion detection is a link in computer forensics that cannot be ignored: the collection and accurate acquisition of abnormal data is very important and is a research hotspot, and it plays an important role in evidence analysis, correlation analysis and report presentation. The core issue in detecting and acquiring abnormal data is how to identify abnormal data quickly and efficiently. The dendritic cell algorithm (DCA) is the latest research result in biological immune systems and has been applied to a variety of problems, especially anomaly detection.

However, the large number of attributes and the information redundancy in network data make the data difficult to process. How to handle the huge amount of data is the key to this study. To detect anomalies in a timely and effective manner, the thesis carried out the following studies:

(1) To address the problem of too many attributes and the large volume of network data, the feature extraction method based on chaotic particle swarm optimization is improved. First, the concept of initial potential is put forward to optimize the initialization process and reduce the blindness of random initialization. Then, taking into account the influence of particle position and fitness value, the weights are adjusted dynamically to adjust the capacity for searching for the optimum in the space. At the same time, a premature-convergence judgment mechanism for particles is adopted, and chaos variables are added in a timely manner to avoid falling into local optima. The large amounts of data are classified by extracting the optimal subset. The results show that the method is effective in reducing the amount of data.

(2) To address the low detection rate and the real-time requirements of intrusion detection, an anomaly detection method based on an improved real-time DCA is proposed. First, a threshold on the amount of antigen data analysed is set, to ensure timely detection and achieve near-real-time operation. Then the gap between the two states is added to the algorithm as a factor, and the calculation of the abnormality degree is optimized. Finally, some parameters of the algorithm are optimized to simplify the algorithm. Experimental results show that the algorithm performs better in detection accuracy and in reducing time.

(3) A double intrusion detection model based on DCA is designed and implemented as a system. The improved chaotic PSO and the improved real-time DCA are combined to design the intrusion detection model. First, the data is preliminarily classified by the improved CPSO. Then, a second detection is performed based on the optimal feature subset and the data classification results from the first step. At the same time, the system and instance implementations are all completed based on the double intrusion detection model. Experiments show that the model gives a good classification result and also improves data detection and efficiency.
Keywords/Search Tags: Intrusion Detection, Chaos particle swarm, Feature extraction, Dendritic cell algorithm, Anomaly Detection