Rbf Neural Network-based Intrusion Detection System

As an active security-defense technique, intrusion detection system (IDS) offers real-time protect against interior or exterior attack, and mistaken operation. It can intercept or give response to the intrusion before the network is in invasion. However, nowadays the intrusion detection system is facing great challenges, more and more complicated computer network system and wiser intrusion means requiring the intrusion detection technique to develop rapidly.Summarizeing the actuality of the development of IDS, the present thesis descripts the types of intrusion in the internet and analyzes the shortcoming of traditional IDS. And it introduces the function, types and theory of common IDS. The thesis gives a brief introduction to the new technologies applied into IDS and explains the learning methods and working theories of Artificial Neural Network (ANN), especially the comparison of the learning and detecting capability between BP net and RBF net.ANN has been widely applied to IDS along with the development of new technologies. As a mature technology, BP neural networks have been applied in the field of intrusion detection for several years. However, due to its property limitation of local minimization, it is hard to improve its detection performances. Because RBF (Radial Basis Function) network is better than BP (Back Propagation) network in its property of optimal approximation, classify ability and the rapidity of study, it can improve the detection performances of IDS.This thesis constructs an IDS based on RBF neural network, which gives the basic thinking of design and the arithmetic, the method of collection and beforehand disposal way of the sample data. In order to get more valuable information, we put the single package and serial packages in the input of ANN, filter the single package to make the single package information more integrity and pick up more valuable information from the serial packages. So the IDS based on RBF have more advantage compared with traditional IDS.We have done some emulational examinations to this system. The result indicates that RBF net is more preponderant than BP net. RBF net can particularly expedite the training speed and increase the efficiency of intrusion. The result of examination is satisfactory. The false positive rate is not great, and the detection rate of new kind intrusion is not too low. So the RBF net has wide space of development and foregroundofusein IDS.The innovation of this design is the application of the RBF net into IDS and the realization of the detection and alarm of intrusion. During the forehand disposal of data, we not only deal with the single package information but also pick up more valuable information from the serial packages. So the capability of IDS is improved.Because of the limited time, the system only equalities a filter of intrusion, and adjudicates whether the intrusion exists, but can not point out the real types of the intrusion. The system still needs improvement in the later time.