Intrusion Detection Based On Fuzzy Classification

With the development of computer and communication technology, damages caused by unexpected intrusions and crimes related to computer systems have been increasing rapidly. Therefore, network security which can ensure the system to behave as intended and to provide stable services become focus. Intrusion Detection Systems (IDS) extract information from a computer or a network of computers, and attempt to detect the presence of intrusions from external sources, as well as system abuses by authorized users.In order to withstand more and more frequent compound network attacks and hacker commitment of distribution, multiobjective, multistage nowadays, improve intrusion detection efficiency under the circumstance of high band width and large-scale network, decrease false negative rate and shorten detection time, it is necessary to make improvement on existing intrusion detection methods.Trying to improve the performance of the intrusion detection process from all the perspective, different approaches are presented in this paper as follows:(1) Redundant features can not only occupy huge storage spaces, but also can decrease the accuracy of the classifier, so before the detection, it is necessary to analyze feature selection for input data. In this thesis, the proposed algorithms to select feature are introduced. The influence of arguments on performance in particle swarm optimization (PSO) algorithm is analyzed. A new algorithm combining immune system with PSO is proposed to eliminate the redundancy property, reduce the problem size, improve the quality of classification and speed up the detection. The position of the particle is expressed in a binary string, the update strategies of the position and velocity and the selection of fitness function are illustrated in detail. The results show that the proposed algorithm is efficient for feature selection.(2) In many years, the researches on intrusion detection have been devoted to improve the detection veracity rate and cut down false alarm rate and missing report rate. In this thesis, the fuzzy classification is introduced to intrusion detection. Fuzzy rules involved in intrusion detection are obtained by Genetic algorithm; and Boosting algorithm is employed to change the distribution of training instances during each round of training, so that the fuzzy classification rule newly extracted by Genetic algorithm will put more emphasis upon the instances misclassified or uncovered. And weighted voting method is used to integrate the fuzzy rules. In application to simulation experiment using kddcup'99 as the data set, the results have shown a good recognition performance of our newly presented method.(3) Based on analysis of existing distributed intrusion detection system models, in this thesis, a distributed intrusion detection system model based on agent is introduced. The function of still agent and mobile agent is reasonably divided; the inner structure of both is devised. And great efforts are make to lessen network transfer load and enhance system response ability. In order to detect distributed intrusion, intrusion traced catalogue is designed. In addition, thesis detailedly analyzes model analyzing strategy, adaptive network load detection, mobile workbench, communication of agent. Compared with previous detection systems, our new model can magnificent lessen network load, reduce response time, and has good scalable ability.At last, the dissertation summarizes the main study works and suggests the research directions in future.