Improve The Performance Of Svm Based Network Intrusion Detection Research

According to the globol business security index report of IBM issued recently, computer virus and criminal attacks have increased 50% during the first half of 2005. The situation of networks security is becoming increasingly critical. Intrusion detection is the core of P~2DR security modol, and also one of the important parts of whole computer information security system, playing an increasingly important role.With the rapid development of large-scale high-speed network, intrusion detect system (IDS) is challenged by the new situation. The current products of IDS are based mostly on rule detection, the processing speed slower, the accuracy of detection not high, the phenomena of net data lost becoming worse. Support Vector Machine(SVM) has a good many advantages in intrusion detection field, such as high processing speed, power extensibility. That can mostly improve the perfermence of IDS, and enhance the adaptability to high-speed network environment.The thesis mainly discusses the application of SVM in NIDS. To begin with, the thesis summarizes some related knowledge about intrusion detection; Then, some conceptions about SVM and GA are introduced; Furthermore, in order to improve the performance of NIDS in the situation of high-speed networks,a NIDS model based on SVM is designed on the basis of a great deal of experiments. The model is modular design, parallel detection, and only dealt with the key features, thus, it can not only improve the detection performance, but also lay the foundation for the expansion of the system detection engine. In the following parts this thesis introduces some related experiments detaily, and analyzes the results. Finally, there are a summary of whole article and a suggestion made for further study.The main work of this thesis has three parts.The first two parts are the innovation of this article. Firstly, in order to make support vector classifier,the detector engine of NIDS, obtain better performance,we use GA to determine the parameters of SVM.It is used to solve the problem of doing it...