
Network Intrusion Detection Machine Learning Methods In Applied Research

Posted on: 2010-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: W F Jia
GTID: 2208360275982807
Subject: Information and Communication Engineering
Abstract/Summary:
With the development of the Internet, network security has become more and more complex. Although intrusion detection has been studied for decades, it is still the hottest issue in the network security research community. Against the background of a national key research project, this dissertation analyzes intrusion detection and anomaly detection using machine learning techniques from a comprehensive and theoretical point of view. An anomaly detection approach employing feature compression and branch cutting is proposed, aimed at resource consumption, which is the most significant problem of intrusion detection techniques. Experimental simulations for all approaches discussed in this dissertation were carried out on the well-known KDD99 dataset, so that the experimental results are comparable with one another and provide a sound theoretical foundation for the design of practical intrusion detection systems.

The main content of this dissertation can be summarized as follows:

I. The dissertation focuses on intrusion detection approaches based on BP, SOM, C-SVM and Nearest Neighbors (NN), and on anomaly detection approaches based on SOM and OC-SVM. Experimental results demonstrated that BP intrusion detection obtained the higher detection rate, while C-SVM obtained the lower false positive rate. Anomaly detection based on SOM performed better than OC-SVM. Among the NN-based intrusion detection methods, Condensed-NN was the most effective, as the training dataset and the computation resources can be reduced noticeably. Simulation results in Matlab demonstrated that Condensed-NN was capable of reducing the consumption of computation resources without loss of performance.

II. An anomaly detection approach adopting feature compression and a branch-and-bound tree, based on a transductive scheme, is newly proposed, aimed at solving one of the key problems in intrusion detection. By introducing feature compression and a cut technique for the branch-and-bound tree, the feature dimension of both training data and test data was greatly reduced, and the number of Euclidean distance computations was also decreased effectively. Experimental results showed that these approaches solve the above-mentioned problem very well.

III. Building on theoretical analysis of the different categories of machine-learning-based intrusion detection techniques, comprehensive experimental analysis and comparison were conducted. In particular, the crucial experimental results were analyzed both qualitatively and quantitatively, so that empirically effective experience can be used in the design of practical intrusion detection systems.

IV. The theoretical approaches to intrusion detection discussed in this dissertation are well suited to application in the Da Tang intrusion prevention system. A brief yet clear introduction to the actual deployment, structure, and modular design of the system is given. Important future work is also discussed at the end of the thesis.
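The Condensed-NN result in item I can be illustrated with a short sketch. This is an added example, not code from the thesis (which reports Matlab simulations on KDD99): it assumes Hart's classic condensing rule as the Condensed-NN variant and uses constructed two-feature records, and all function names are hypothetical.

```python
import random

def nearest_label(store, x):
    """1-NN by squared Euclidean distance over (vector, label) pairs."""
    return min(store, key=lambda s: sum((a - b) ** 2 for a, b in zip(s[0], x)))[1]

def condense(train):
    """Hart's condensing rule (assumed variant): keep only the samples the
    current store misclassifies, repeating until a full pass adds nothing."""
    store = [train[0]]
    changed = True
    while changed:
        changed = False
        for x, y in train:
            if nearest_label(store, x) != y:
                store.append((x, y))
                changed = True
    return store

def make_records(n, seed):
    """Constructed sample data (not KDD99): 'normal' records cluster near
    (0.2, 0.2) and 'attack' records near (0.8, 0.8)."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        label = rng.choice(["normal", "attack"])
        c = 0.2 if label == "normal" else 0.8
        out.append(((rng.gauss(c, 0.12), rng.gauss(c, 0.12)), label))
    return out

def accuracy(store, data):
    """Fraction of records in data that 1-NN over store labels correctly."""
    return sum(nearest_label(store, x) == y for x, y in data) / len(data)

def run_demo():
    train, test = make_records(400, seed=1), make_records(200, seed=2)
    store = condense(train)
    return {
        "train_size": len(train),
        "store_size": len(store),          # prototypes kept after condensing
        "full_test_acc": accuracy(train, test),
        "store_test_acc": accuracy(store, test),
        "store_train_acc": accuracy(store, train),
    }

if __name__ == "__main__":
    print(run_demo())
```

Each classification costs one distance computation per stored record, so the ratio of `store_size` to `train_size` is the saving in distance computations per query.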
Keywords/Search Tags:Machine Learning, Neural Networks, Support Vector Machine, Nearest Neighbors, Anomaly Detection Using Transductive Scheme