Intrusion Detection Model Based On Information Fusion And Implementation

Posted on: 2006-01-31 | Degree: Master | Type: Thesis
Country: China | Candidate: L Z Liu | Full Text: PDF
GTID: 2208360155966854 | Subject: Computer application technology
Abstract/Summary:
Intrusion detection is an essential component of critical infrastructure protection mechanisms. Traditional Intrusion Detection Systems (IDSs) based purely on Artificial Neural Networks (ANNs) face the challenge that it is not easy for them to acquire enough samples. Current IDSs thus have limited extensibility in the face of changed or upgraded network configurations, and poor adaptability in the face of new attack methods.

First, this thesis introduces the importance, history, classification, definition and common framework of Intrusion Detection Systems and discusses intrusion detection methods and technologies. Then, it introduces information fusion theory, uses evidence theory as the information fusion algorithm, and uses an ANN as the classifier to construct a new intrusion detection model.

The model uses the dataset, created by MIT Lincoln Labs, for the 1999 KDD intrusion detection contest. After analyzing the 41 features of the dataset in detail, this thesis compares all attack types and sorts these attacks into 4 classes: DoS, R2L, U2R and Probe. The attack breakdown of 4898431 attacks shows that the probabilities of occurrence of the 4 attack classes differ greatly, so a feature selection and ranking method is put forward.

The selected and processed features are fed to Radial Basis Function (RBF) nets as input vectors. The model uses 4 RBF nets, which classify connections into normal, DoS, R2L, U2R and Probe according to Basic TCP features, Content features, Time_based traffic features and Host_based traffic features. The classification results are then treated as pieces of evidence, which are the inputs of the evidence theory module. By using the evidence theory module to fuse the output vectors of all 4 RBF nets, false positives are decreased and the detection rate is improved.
Keywords/Search Tags: Intrusion Detection, Information Fusion, Artificial Neural Network (ANN), Evidence Theory, Radial Basis Function (RBF) nets
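The fusion step described in the abstract, sketched with Dempster's rule of combination as an added example; it is not code from the thesis. Assumptions: each net's scores are turned into a mass function by Shafer discounting with a per-net reliability weight, and the function names, weights and sample scores are constructed for illustration.

```python
from functools import reduce

CLASSES = ("normal", "DoS", "R2L", "U2R", "Probe")
FRAME = frozenset(CLASSES)  # frame of discernment

def to_mass(scores, reliability):
    # Assumed construction (Shafer discounting): each class singleton gets
    # reliability * normalized score; the remainder goes to the whole frame
    # and represents the net's ignorance.
    total = sum(scores.values())
    if total <= 0:
        return {FRAME: 1.0}  # the net offers no evidence at all
    mass = {frozenset([c]): reliability * s / total
            for c, s in scores.items() if s > 0}
    mass[FRAME] = 1.0 - reliability
    return mass

def combine(m1, m2):
    # Dempster's rule: multiply masses, keep non-empty intersections,
    # renormalize by the non-conflicting mass (1 - K).
    fused, conflict = {}, 0.0
    for a, wa in m1.items():
        for b, wb in m2.items():
            inter = a & b
            if inter:
                fused[inter] = fused.get(inter, 0.0) + wa * wb
            else:
                conflict += wa * wb
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}

def fuse(evidence):
    # Fuse every net's evidence; return (decided class or None, fused masses).
    fused = reduce(combine, evidence)
    singles = {next(iter(k)): v for k, v in fused.items() if len(k) == 1}
    return (max(singles, key=singles.get) if singles else None), fused

# Constructed sample: one connection as scored by the four nets.
SAMPLE = [
    to_mass({"normal": 0.5, "DoS": 0.4, "Probe": 0.1}, 0.8),  # basic TCP
    to_mass({"normal": 0.3, "DoS": 0.6, "R2L": 0.1}, 0.7),    # content
    to_mass({"DoS": 0.8, "normal": 0.2}, 0.9),                # time-based
    to_mass({"DoS": 0.7, "Probe": 0.2, "normal": 0.1}, 0.9),  # host-based
]

if __name__ == "__main__":
    label, masses = fuse(SAMPLE)
    print(label, round(masses[frozenset(["DoS"])], 3))
```

In this sample the basic TCP net alone leans towards normal, while the fused evidence settles on DoS with more mass than any single net assigned to it.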