Machine Learning-based Intrusion Detection System Design And Implementation

Posted on: 2006-08-31
Degree: Master
Type: Thesis
Country: China
Candidate: D X Jiang
GTID: 2208360155958669
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network technology and the continual occurrence of intrusion events, the importance of network security has become obvious. How to establish a safe and robust network system that protects important information is of strategic significance for the sustained development of the future Internet. It is difficult to ensure network security by relying only on static security technologies such as firewalls, encryption, password authentication, and IPSec-based VPNs. As an active defense technology, intrusion detection detects various malicious attacks in time and responds when the network system is endangered. It is a reasonable supplement to traditional security technologies such as firewalls. As a new network security technology, intrusion detection has become a major concern of the network security research field today.

There are two models of intrusion detection system: the anomaly detection model and the misuse detection model. The anomaly detection model first summarizes the characteristics that normal operations should have in order to derive models of normal operation, and then monitors subsequent operations. Once it finds an operation pattern that deviates from normal according to a statistical criterion, it raises an alarm. The misuse detection model collects the signatures of intrusive actions to build a rule database. During subsequent detection, the collected data is compared with the signatures in the rule database to decide whether it represents an intrusion.

However, current intrusion detection techniques have some problems. Aiming at these issues, this thesis proposes a general intrusion detection system based on machine learning, presents the architecture diagram of the system model and the main flow steps of the system model, and then designs and tests the machine learning module. This module mainly applies the LERAD algorithm, a machine learning algorithm. LERAD comes from Matthew Vincent Mahoney's doctoral dissertation, the first entry in the reference list.

This thesis also studies Snort, a network-based, misuse-based intrusion detection system, with emphasis on analysis of its source code. A plan for adding machine learning to Snort is then put forward, so that the resulting machine learning-based L_Snort system can detect known attacks by pattern matching and also detect unknown attacks through self-learning.
Keywords/Search Tags:Network Security, Intrusion Detection, Intrusion Detection System, Machine Learning, LERAD Algorithm, Snort, L_Snort